cb8b998d2c6941973d75412baacd68ae12ae293e102b56d4053513da08a90e4d

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 11:00

Target

16a1bede1e7a4b8cb2b17dd6784556ff.exe
Size

8KB
MD5

16a1bede1e7a4b8cb2b17dd6784556ff
SHA1

a72b59becdf34cfcaf6f9026b9977dc78ffc2288
SHA256

cb8b998d2c6941973d75412baacd68ae12ae293e102b56d4053513da08a90e4d
SHA512

bb8075b10e1001380007a023f3569c10c4ef975de6458b64e8f534c34ac9ca081f7136db7788181bd3fb0c1aa948a6cc91f8f6dc2bf55cbd276b451416f1cf9b
SSDEEP

96:vkvHBoG+QHMhckYPTIi/Ms7/QYM5kY7fnWZ+gJjEUre6rmYnFvWpn:vkSG+QH6bOC5kKu0Kjjre6KYnFvG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2672	2400	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2672	2400	16a1bede1e7a4b8cb2b17dd6784556ff.exe	28
PID 2400 wrote to memory of 2672	2400	16a1bede1e7a4b8cb2b17dd6784556ff.exe	28
PID 2400 wrote to memory of 2672	2400	16a1bede1e7a4b8cb2b17dd6784556ff.exe	28
PID 2400 wrote to memory of 2672	2400	16a1bede1e7a4b8cb2b17dd6784556ff.exe	28

C:\Users\Admin\AppData\Local\Temp\16a1bede1e7a4b8cb2b17dd6784556ff.exe
"C:\Users\Admin\AppData\Local\Temp\16a1bede1e7a4b8cb2b17dd6784556ff.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 48
  2⤵
  - Program crash
  PID:2672