14685ce17cc1cb1a49fe862092a9f08d97b20ea1d2ac401eb22c9121e5ae5e41

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 11:31

Target

17314f3687cf0165fb1395dc0f694515.exe
Size

312KB
MD5

17314f3687cf0165fb1395dc0f694515
SHA1

059d564c55715742c6f865141933175db778e6ab
SHA256

14685ce17cc1cb1a49fe862092a9f08d97b20ea1d2ac401eb22c9121e5ae5e41
SHA512

c7dc3b133e7616b45882f0242b0c0d4c258b0dd48fef28982e4995332711953f1917ab50379c577b84163277766f9d12fc0b29ea5cbb4aea0b52e437287098ad
SSDEEP

6144:phNH6YBrHjX6Gc75o9ZO9tp4W0DS/eTAj0fPdKm:prdBrLK5IO9tpu6eTAwfPgm

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2936	2672	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2936	2672	17314f3687cf0165fb1395dc0f694515.exe	21
PID 2672 wrote to memory of 2936	2672	17314f3687cf0165fb1395dc0f694515.exe	21
PID 2672 wrote to memory of 2936	2672	17314f3687cf0165fb1395dc0f694515.exe	21
PID 2672 wrote to memory of 2936	2672	17314f3687cf0165fb1395dc0f694515.exe	21

C:\Users\Admin\AppData\Local\Temp\17314f3687cf0165fb1395dc0f694515.exe
"C:\Users\Admin\AppData\Local\Temp\17314f3687cf0165fb1395dc0f694515.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 96
  2⤵
  - Program crash
  PID:2936