d30ea902c6c983dd8f2611866923abaf5730825ac04cec6d8f33490adb800b03

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 06:50 UTC

Target

117730adb9e5a1b93035035987a65698.exe
Size

430KB
MD5

117730adb9e5a1b93035035987a65698
SHA1

b1178f4f1b4713262d769325be157bd344978a9c
SHA256

d30ea902c6c983dd8f2611866923abaf5730825ac04cec6d8f33490adb800b03
SHA512

62cdfafb1ba91e1582e85923311a3f7bdf91576615bd2c06a06c1aa9d27df40da96c5c8bece363618876f59ab99eab26cff91773b4c7f9cebde149fe71ac2524
SSDEEP

6144:Ulsy4TNbEm1B1zzqaCh9Ju/2x+vw0b8ajNglS2+gUXpP9YC4r:UdwNIm1B1zzqrh9Jf+btwSfgUnBI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2000	2176	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2000	2176	117730adb9e5a1b93035035987a65698.exe	28
PID 2176 wrote to memory of 2000	2176	117730adb9e5a1b93035035987a65698.exe	28
PID 2176 wrote to memory of 2000	2176	117730adb9e5a1b93035035987a65698.exe	28
PID 2176 wrote to memory of 2000	2176	117730adb9e5a1b93035035987a65698.exe	28

C:\Users\Admin\AppData\Local\Temp\117730adb9e5a1b93035035987a65698.exe
"C:\Users\Admin\AppData\Local\Temp\117730adb9e5a1b93035035987a65698.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 116
  2⤵
  - Program crash
  PID:2000

memory/2176-0-0x0000000000DB0000-0x0000000000E20000-memory.dmp

Filesize
448KB

Download