d5b9c8309f0f62087eeecd259aab853f4a9a1d5fb6005333f9fddb2883068113

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 04:06

Target

0de37d6bc8cbc99cca9e5883f6b42a5a.exe
Size

47KB
MD5

0de37d6bc8cbc99cca9e5883f6b42a5a
SHA1

cbbb0a5c773a3e33db4a62b86a4c3e92c8d40e28
SHA256

d5b9c8309f0f62087eeecd259aab853f4a9a1d5fb6005333f9fddb2883068113
SHA512

ec712f3eb5bd00ba4aff757c12c116b4f19c2f6d474a332614ec8e26d0c8d7747a93b074584659bcb4e7dd6ab0d2f9d3c9290a1ef92f42ada2625c7086092357
SSDEEP

768:UONzmZ4x8xpyqM+l48dTSVz/n+AjJVkUKv82YjU+OAf0k9R:FqZLf75g2MEvnYjOAf9R

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3036	1880	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 3036	1880	0de37d6bc8cbc99cca9e5883f6b42a5a.exe	28
PID 1880 wrote to memory of 3036	1880	0de37d6bc8cbc99cca9e5883f6b42a5a.exe	28
PID 1880 wrote to memory of 3036	1880	0de37d6bc8cbc99cca9e5883f6b42a5a.exe	28
PID 1880 wrote to memory of 3036	1880	0de37d6bc8cbc99cca9e5883f6b42a5a.exe	28

C:\Users\Admin\AppData\Local\Temp\0de37d6bc8cbc99cca9e5883f6b42a5a.exe
"C:\Users\Admin\AppData\Local\Temp\0de37d6bc8cbc99cca9e5883f6b42a5a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 136
  2⤵
  - Program crash
  PID:3036

memory/1880-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/1880-1-0x0000000000220000-0x0000000000225000-memory.dmp

Filesize
20KB

Download
memory/1880-2-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download