45f9af7492234ff1119862925f163b73bc0a834060bc3ca6cfdd820e9fc55180

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 06:41

Target

114bcfa5dee02d06bbfa5d94571779da.exe
Size

22KB
MD5

114bcfa5dee02d06bbfa5d94571779da
SHA1

7d685d848f64c4b8f00d9ca7dc295ed0e49fb96f
SHA256

45f9af7492234ff1119862925f163b73bc0a834060bc3ca6cfdd820e9fc55180
SHA512

ec19d45c839951b1a33302efa92e57bb12ac85502afc365cbb359ed5ef150b46f4809106a34a0cb5354b1cde2c8bb5cb6780f31d5b98db897f333d75d18a0498
SSDEEP

384:vjpPpP/NWo4leDI8R2KDKwH54ggYc1XkXHNoMKpzLeKQwswLa2gCCDyBz:vtPtUtleDpkKL4VYcp0HNLeeKQHp2h

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2328	2756	WerFault.exe	20

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2328	2756	114bcfa5dee02d06bbfa5d94571779da.exe	28
PID 2756 wrote to memory of 2328	2756	114bcfa5dee02d06bbfa5d94571779da.exe	28
PID 2756 wrote to memory of 2328	2756	114bcfa5dee02d06bbfa5d94571779da.exe	28
PID 2756 wrote to memory of 2328	2756	114bcfa5dee02d06bbfa5d94571779da.exe	28

C:\Users\Admin\AppData\Local\Temp\114bcfa5dee02d06bbfa5d94571779da.exe
"C:\Users\Admin\AppData\Local\Temp\114bcfa5dee02d06bbfa5d94571779da.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 100
  2⤵
  - Program crash
  PID:2328

memory/2756-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download