65911b297f1b82db901b8a677daea9d2931625bc4e20349931a8f48e98e7bfa8

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 11:01

Target

16a67fa94d9ed1c8518d4f2ed3801dc1.exe
Size

244KB
MD5

16a67fa94d9ed1c8518d4f2ed3801dc1
SHA1

ac23070113f7c080ae42916fb834f94c5c132bc0
SHA256

65911b297f1b82db901b8a677daea9d2931625bc4e20349931a8f48e98e7bfa8
SHA512

a7e4e09fdf2132204a3b792f0900c64353be5bc16571b70b3b252814da141f3fcce1b264fb87faa49cf93263e781ea2c050758065874edd69eeaddb2d7715479
SSDEEP

3072:c3D3adAho4QxDQRnMVrpH1UJSJ4olULB9MOrBrWgOrkk:c3D3ThBQxDSnSWm4uUdBqr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2496	2244	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2496	2244	16a67fa94d9ed1c8518d4f2ed3801dc1.exe	28
PID 2244 wrote to memory of 2496	2244	16a67fa94d9ed1c8518d4f2ed3801dc1.exe	28
PID 2244 wrote to memory of 2496	2244	16a67fa94d9ed1c8518d4f2ed3801dc1.exe	28
PID 2244 wrote to memory of 2496	2244	16a67fa94d9ed1c8518d4f2ed3801dc1.exe	28

C:\Users\Admin\AppData\Local\Temp\16a67fa94d9ed1c8518d4f2ed3801dc1.exe
"C:\Users\Admin\AppData\Local\Temp\16a67fa94d9ed1c8518d4f2ed3801dc1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 36
  2⤵
  - Program crash
  PID:2496

memory/2244-0-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download