1b702f334c3edc6f0335de44bc117473223d40340bae8be34b9d3ba00451e21f

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 05:40

Target

1039058024cd09800ce036d00ccbfd49.exe
Size

321KB
MD5

1039058024cd09800ce036d00ccbfd49
SHA1

45a68bdc70ddbce63535648fdd555b66d36fb513
SHA256

1b702f334c3edc6f0335de44bc117473223d40340bae8be34b9d3ba00451e21f
SHA512

e71a60873362a8615dfd2c092f7f16fdcedead5f1404e676d010d9a1e69a9bea65519d51e573c80c106cd6e89750a30ffc4da5aedb5943836308e4fe242a6084
SSDEEP

6144:OTj1OTEKnsub1upoH7td/tQqG56Prd3Z5NBA3r14lJDNIl:OFOoKnsub6oHprG5+3a7STY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2928	1692	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 2928	1692	1039058024cd09800ce036d00ccbfd49.exe	15
PID 1692 wrote to memory of 2928	1692	1039058024cd09800ce036d00ccbfd49.exe	15
PID 1692 wrote to memory of 2928	1692	1039058024cd09800ce036d00ccbfd49.exe	15
PID 1692 wrote to memory of 2928	1692	1039058024cd09800ce036d00ccbfd49.exe	15

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 116
1⤵
- Program crash
PID:2928

C:\Users\Admin\AppData\Local\Temp\1039058024cd09800ce036d00ccbfd49.exe
"C:\Users\Admin\AppData\Local\Temp\1039058024cd09800ce036d00ccbfd49.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1692

memory/1692-0-0x0000000001110000-0x0000000001165000-memory.dmp

Filesize
340KB

Download