1ac3aed1a02537aa69f9244cc8048e4ecf4d532414f3be06869241fc9ae0c1ed

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 11:05

Target

16b8ad70b52387f5359cc38b6e236633.exe
Size

8KB
MD5

16b8ad70b52387f5359cc38b6e236633
SHA1

02a6d8bc5d26007f355a3893f1ee653bbf5136d7
SHA256

1ac3aed1a02537aa69f9244cc8048e4ecf4d532414f3be06869241fc9ae0c1ed
SHA512

1b5afa4557398a38befd67bdb2d06fa6e90a06445d0fce93b21480ed126ba7ab7cf81a7900304a326b80eb91b9d63181404cc0885f470ec1e718137735541c09
SSDEEP

192:CwEST3hEBbwzt5s5v133moowOb3+1TbgwTAffbxbfWvPBfeRql:6Szyut5sBmooaTsaArhYPBf3

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2536	2512	WerFault.exe	18

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2536	2512	16b8ad70b52387f5359cc38b6e236633.exe	28
PID 2512 wrote to memory of 2536	2512	16b8ad70b52387f5359cc38b6e236633.exe	28
PID 2512 wrote to memory of 2536	2512	16b8ad70b52387f5359cc38b6e236633.exe	28
PID 2512 wrote to memory of 2536	2512	16b8ad70b52387f5359cc38b6e236633.exe	28

C:\Users\Admin\AppData\Local\Temp\16b8ad70b52387f5359cc38b6e236633.exe
"C:\Users\Admin\AppData\Local\Temp\16b8ad70b52387f5359cc38b6e236633.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 116
  2⤵
  - Program crash
  PID:2536

memory/2512-0-0x0000000000400000-0x00000000004041FC-memory.dmp

Filesize
16KB

Download
memory/2512-1-0x0000000000400000-0x00000000004041FC-memory.dmp

Filesize
16KB

Download