c9aad35e0b2c067a89076fd5cc74d467c13e62e5a339f6cd4e865925ce9edb46

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 07:06

Target

11bb7b1337145ab6347db7bbd6a08982.exe
Size

65KB
MD5

11bb7b1337145ab6347db7bbd6a08982
SHA1

0f9beacf8495dc8c77afbcae23bcbb6a997c18d7
SHA256

c9aad35e0b2c067a89076fd5cc74d467c13e62e5a339f6cd4e865925ce9edb46
SHA512

5feac82564ae977bafb6beaeb6d33b3abffd47fb7f373516472848c439890a96fb098611567a0fada8850109405f0f3b334b07319e23dfbd01070be0d7156b3f
SSDEEP

768:kJzqBI7DrIVnefS1j9xtPnCR97YLiexbysR36qxjT6e0tZEbsDdGmLhPH7UO1OWt:kB6IXEaSeYL99V3rjT6pZE5mLKWvfW0

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2000	2884	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2000	2884	11bb7b1337145ab6347db7bbd6a08982.exe	16
PID 2884 wrote to memory of 2000	2884	11bb7b1337145ab6347db7bbd6a08982.exe	16
PID 2884 wrote to memory of 2000	2884	11bb7b1337145ab6347db7bbd6a08982.exe	16
PID 2884 wrote to memory of 2000	2884	11bb7b1337145ab6347db7bbd6a08982.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 148
1⤵
- Program crash
PID:2000

C:\Users\Admin\AppData\Local\Temp\11bb7b1337145ab6347db7bbd6a08982.exe
"C:\Users\Admin\AppData\Local\Temp\11bb7b1337145ab6347db7bbd6a08982.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2884

memory/2884-0-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download