0bd75ab283983f9dad606a13515c010172f7f490385b7dc2f8502ce71c29aa9a

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 07:42

Target

12708121c084d51bbd38f828da633994.exe
Size

56KB
MD5

12708121c084d51bbd38f828da633994
SHA1

21ce8be9c916e0bcb3d3aa1e90c65b99ca91ff60
SHA256

0bd75ab283983f9dad606a13515c010172f7f490385b7dc2f8502ce71c29aa9a
SHA512

83196acf88f964736ddaa5a01831b0897dc403c9d023dfca05a16aa87798cda14579e85abb0d9d7d20d91dd3d31a5577299c69190c03b874bdf3dce664f38a6b
SSDEEP

1536:PT6UmhibLWnoWrutP9SMt1JR5/v9yM5LwW2AZIaBfzorcP:76UR11HDX/vQiLrLZIgzoYP

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2520	2248	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2520	2248	12708121c084d51bbd38f828da633994.exe	14
PID 2248 wrote to memory of 2520	2248	12708121c084d51bbd38f828da633994.exe	14
PID 2248 wrote to memory of 2520	2248	12708121c084d51bbd38f828da633994.exe	14
PID 2248 wrote to memory of 2520	2248	12708121c084d51bbd38f828da633994.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 108
1⤵
- Program crash
PID:2520

C:\Users\Admin\AppData\Local\Temp\12708121c084d51bbd38f828da633994.exe
"C:\Users\Admin\AppData\Local\Temp\12708121c084d51bbd38f828da633994.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2248

memory/2248-2-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2248-1-0x0000000000220000-0x0000000000222000-memory.dmp

Filesize
8KB

Download
memory/2248-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download