ea8fab834688c888e2d4b8b4c26832e7a9f49034c018f1ec04bbe06d338c518b

Analysis

max time kernel
122s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 06:04

Target

109f02ee0950362319812ae949bd4a42.exe
Size

357KB
MD5

109f02ee0950362319812ae949bd4a42
SHA1

4d9092f69c393ca957c3ef3d02d9345e3f85f889
SHA256

ea8fab834688c888e2d4b8b4c26832e7a9f49034c018f1ec04bbe06d338c518b
SHA512

99aed6d839c6e918bc5be47346aa715b98002dfcb851d62eb908b4bad5e2768ba324231bbc6cc3eab84582da20dd6e5ceb6e7264b4eef1fcded969a58740f159
SSDEEP

6144:V14kAy/uXwpuEKC0aWaHtGdgEjVRT0BIBEsm9/tXx9YBg8NAy/3RZo+aiAZZMwai:V1v2ApujKWggd1jbEILU/tw/3RZo/dzF

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1244	2496	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 1244	2496	109f02ee0950362319812ae949bd4a42.exe	18
PID 2496 wrote to memory of 1244	2496	109f02ee0950362319812ae949bd4a42.exe	18
PID 2496 wrote to memory of 1244	2496	109f02ee0950362319812ae949bd4a42.exe	18
PID 2496 wrote to memory of 1244	2496	109f02ee0950362319812ae949bd4a42.exe	18

C:\Users\Admin\AppData\Local\Temp\109f02ee0950362319812ae949bd4a42.exe
"C:\Users\Admin\AppData\Local\Temp\109f02ee0950362319812ae949bd4a42.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 36
  2⤵
  - Program crash
  PID:1244

memory/2496-0-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download