fc470ef58a0a8fb094d0253b09d5e8c4dc6efafba01d14494a49b59483700cc5

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:58

Target

10850ecce14b6d77303698c977c2a3b1.exe
Size

66KB
MD5

10850ecce14b6d77303698c977c2a3b1
SHA1

87f5e15c7d9da5b222e47cb5b1ad83110e86ea7a
SHA256

fc470ef58a0a8fb094d0253b09d5e8c4dc6efafba01d14494a49b59483700cc5
SHA512

5bc49d3872d23ea229cc6bce6fb91cf3211d273c210583fec39b667a53843cd56449073081c442b012f71240a89542f793643654b5d83913c4557ca1fcc04e6f
SSDEEP

1536:0HAxJx1pbs3VPdI5gdhxfjhZPkoce7VXmdvUZnJM:yAVbuVS5gdhxfllXd7YNUZnW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
3004	2932	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 3004	2932	10850ecce14b6d77303698c977c2a3b1.exe	16
PID 2932 wrote to memory of 3004	2932	10850ecce14b6d77303698c977c2a3b1.exe	16
PID 2932 wrote to memory of 3004	2932	10850ecce14b6d77303698c977c2a3b1.exe	16
PID 2932 wrote to memory of 3004	2932	10850ecce14b6d77303698c977c2a3b1.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 88
1⤵
- Program crash
PID:3004

C:\Users\Admin\AppData\Local\Temp\10850ecce14b6d77303698c977c2a3b1.exe
"C:\Users\Admin\AppData\Local\Temp\10850ecce14b6d77303698c977c2a3b1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2932

memory/2932-1-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2932-0-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2932-2-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download