d9b3022177c195d8ef3ff24ad179fff578e1c8bb859b614445694a7f055201dc

Analysis

max time kernel
142s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 10:47

Target

165b941fad488433e714553e27ebbca7.exe
Size

2.3MB
MD5

165b941fad488433e714553e27ebbca7
SHA1

d443419952e77cc91a6975cb9b424fbce60ad273
SHA256

d9b3022177c195d8ef3ff24ad179fff578e1c8bb859b614445694a7f055201dc
SHA512

efefb9a432cb04c47d260c148ee9e7de7de34685bfbf363e817410a4d8fc7aa5764672385612a376f74e06f523c74ff231d3d815a33ac642142128ab8b7dee50
SSDEEP

24576:ASYgTcIaSCWh1XhQcxXosdW+15K08hl5HEZDrHDuf6qPFHzsM/NpeOzGkpgbQT5L:AP0vfTi05cfHQDVaztRT5hvby87QS4K

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2092	1876	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 2092	1876	165b941fad488433e714553e27ebbca7.exe	28
PID 1876 wrote to memory of 2092	1876	165b941fad488433e714553e27ebbca7.exe	28
PID 1876 wrote to memory of 2092	1876	165b941fad488433e714553e27ebbca7.exe	28
PID 1876 wrote to memory of 2092	1876	165b941fad488433e714553e27ebbca7.exe	28

C:\Users\Admin\AppData\Local\Temp\165b941fad488433e714553e27ebbca7.exe
"C:\Users\Admin\AppData\Local\Temp\165b941fad488433e714553e27ebbca7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 288
  2⤵
  - Program crash
  PID:2092

memory/1876-0-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1876-1-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/1876-3-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download