9b3f388243b794921858cc4407791cefbc5f963e67bb09d9a0ccdba0d91fa7e8

Analysis

max time kernel
142s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 10:32

Target

16024b312b16e577d4ac87e79ccb79e1.exe
Size

87KB
MD5

16024b312b16e577d4ac87e79ccb79e1
SHA1

4e92cdfd6c00b76e85632bf5a5f4cd644c3ff0d4
SHA256

9b3f388243b794921858cc4407791cefbc5f963e67bb09d9a0ccdba0d91fa7e8
SHA512

efa3f0f31757c89607bcc95cf7fc5d7963670803d743294a53eac622c0f092eaf5f4802066cdd9a4211732d15ea7377f6f2746dd4521ea7267c6db9a1c43fae3
SSDEEP

1536:nIOZAW+AfPoKR2m7QXwa0ihfkL9+HMCLSJ3NvXIvNapmsfRHzzOQGfi6z7j2nkUY:Iy+s77kf5Mfvw1a4sZPVGfnz/2T8XF6O

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2552	1516	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 2552	1516	16024b312b16e577d4ac87e79ccb79e1.exe	28
PID 1516 wrote to memory of 2552	1516	16024b312b16e577d4ac87e79ccb79e1.exe	28
PID 1516 wrote to memory of 2552	1516	16024b312b16e577d4ac87e79ccb79e1.exe	28
PID 1516 wrote to memory of 2552	1516	16024b312b16e577d4ac87e79ccb79e1.exe	28

C:\Users\Admin\AppData\Local\Temp\16024b312b16e577d4ac87e79ccb79e1.exe
"C:\Users\Admin\AppData\Local\Temp\16024b312b16e577d4ac87e79ccb79e1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 128
  2⤵
  - Program crash
  PID:2552

memory/1516-0-0x0000000000220000-0x0000000000235000-memory.dmp

Filesize
84KB

Download
memory/1516-1-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download