69598c5e84c4ea7ad49ffd9891ba1853c714a9ffa3ee5246c7274d1b3bc9f3e5

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 11:12

Target

16dab65ff69b489b0c5c4eb1242dd51c.exe
Size

1.8MB
MD5

16dab65ff69b489b0c5c4eb1242dd51c
SHA1

124c9ffca4f669b30e89b7189853db9937bdc865
SHA256

69598c5e84c4ea7ad49ffd9891ba1853c714a9ffa3ee5246c7274d1b3bc9f3e5
SHA512

4c7722f9b4189f9122981f5b87b4c01f4c4066aa8f9152164c8a32f0b114e5e9f73a660998b04314d8064cffca330cd0aa026cc6aea1cb1a12fb232ae185280e
SSDEEP

24576:QJUHr9AH6TVhalNtPbLkPwfsyy/12M0oOEuvHDkEQFzYSP2XJ4sAGM:JmHSVhAFbU/tOOEkSW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1112	2216	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 1112	2216	16dab65ff69b489b0c5c4eb1242dd51c.exe	21
PID 2216 wrote to memory of 1112	2216	16dab65ff69b489b0c5c4eb1242dd51c.exe	21
PID 2216 wrote to memory of 1112	2216	16dab65ff69b489b0c5c4eb1242dd51c.exe	21
PID 2216 wrote to memory of 1112	2216	16dab65ff69b489b0c5c4eb1242dd51c.exe	21

C:\Users\Admin\AppData\Local\Temp\16dab65ff69b489b0c5c4eb1242dd51c.exe
"C:\Users\Admin\AppData\Local\Temp\16dab65ff69b489b0c5c4eb1242dd51c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 628
  2⤵
  - Program crash
  PID:1112

memory/2216-1-0x0000000073F10000-0x00000000745FE000-memory.dmp

Filesize
6.9MB

Download
memory/2216-0-0x0000000000A00000-0x0000000000BD6000-memory.dmp

Filesize
1.8MB

Download
memory/2216-2-0x0000000004930000-0x0000000004970000-memory.dmp

Filesize
256KB

Download
memory/2216-3-0x0000000073F10000-0x00000000745FE000-memory.dmp

Filesize
6.9MB

Download
memory/2216-4-0x0000000004930000-0x0000000004970000-memory.dmp

Filesize
256KB

Download