27f8bc8216730b81c531bc405a679a3882057f348fa7793f13792af7f27be4d9

Analysis

max time kernel
142s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 06:02

Target

1096437a2e40f796f7ad61638347d4a1.exe
Size

175KB
MD5

1096437a2e40f796f7ad61638347d4a1
SHA1

64c2acef6d72ecb1a6cbeb8daf3410b85954cf96
SHA256

27f8bc8216730b81c531bc405a679a3882057f348fa7793f13792af7f27be4d9
SHA512

216efaa6ab59ebbead2fe96679cc7fa48c8942434439cad7bf0acac59185ea623acfbbf4d1d4c9796173f980a8e204d39ddca64776b16fd06ed894a6f9d0ce39
SSDEEP

3072:EI9YbmFGTfgci+PQcwqmzoT+XyJFAjC5LeQODzDrlU6EjQKmPD:EI6bEGTffi/cSkky3mQKhU9Qh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2772	1744	WerFault.exe	5

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 2772	1744	1096437a2e40f796f7ad61638347d4a1.exe	28
PID 1744 wrote to memory of 2772	1744	1096437a2e40f796f7ad61638347d4a1.exe	28
PID 1744 wrote to memory of 2772	1744	1096437a2e40f796f7ad61638347d4a1.exe	28
PID 1744 wrote to memory of 2772	1744	1096437a2e40f796f7ad61638347d4a1.exe	28

C:\Users\Admin\AppData\Local\Temp\1096437a2e40f796f7ad61638347d4a1.exe
"C:\Users\Admin\AppData\Local\Temp\1096437a2e40f796f7ad61638347d4a1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 88
  2⤵
  - Program crash
  PID:2772

memory/1744-1-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download
memory/1744-0-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download
memory/1744-2-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download