d483008e109b3d1fe95a1e1a721bd87062ecc7bfbf79fe1f7ea1d57ca16187b6

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 06:53

Target

1182ec6bb07e55830969b66a42f86a0e.exe
Size

21KB
MD5

1182ec6bb07e55830969b66a42f86a0e
SHA1

2540fc23943f0f6055a080716a7533fa6a933edf
SHA256

d483008e109b3d1fe95a1e1a721bd87062ecc7bfbf79fe1f7ea1d57ca16187b6
SHA512

fd481ce6429ecd4c9f135f830f4ef2ec42d621a9c90cf716d12e52a6820069c5635489ae293667d18bb7c3c74168448e3ea2a8991121f0c95bde79f7abcdbb97
SSDEEP

384:AVCQq5BxS0b+5ydJj7w2zAfPgjl+zd/ERSWU1cAkb8d+cee/zmplJ:AAQNafKgAAkzJnWUoC/zGJ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1700	2936	WerFault.exe	6

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2936	1182ec6bb07e55830969b66a42f86a0e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 1700	2936	1182ec6bb07e55830969b66a42f86a0e.exe	16
PID 2936 wrote to memory of 1700	2936	1182ec6bb07e55830969b66a42f86a0e.exe	16
PID 2936 wrote to memory of 1700	2936	1182ec6bb07e55830969b66a42f86a0e.exe	16
PID 2936 wrote to memory of 1700	2936	1182ec6bb07e55830969b66a42f86a0e.exe	16

C:\Users\Admin\AppData\Local\Temp\1182ec6bb07e55830969b66a42f86a0e.exe
"C:\Users\Admin\AppData\Local\Temp\1182ec6bb07e55830969b66a42f86a0e.exe"
1⤵
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 36
  2⤵
  - Program crash
  PID:1700