1c13d4d3af890995486ec6f9d08ddc1c397d96ce21fd7664f42e647b2d1c762e

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:20

Target

1850c11919a6f2c7a9de48381c8d3ffa.exe
Size

67KB
MD5

1850c11919a6f2c7a9de48381c8d3ffa
SHA1

5340010d3b508e8d3808a2942deca9667c6b8889
SHA256

1c13d4d3af890995486ec6f9d08ddc1c397d96ce21fd7664f42e647b2d1c762e
SHA512

537acf283595fefb1ad4155cff86f6973cc3edaa3cf68029a278a3923d03e73c7f9751dfd60fc275458387b89c9f872a83a42bf5935d77386aa99ba48cb29045
SSDEEP

768:Werx2A8f3tIe5zC9tv/b8y9E53oSorRUvCsguxv3Vrpl859ubT3VpcxvSbMHnUTW:yAk3tm+5Kr2CshxHGK7HqUT60ekA

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2772	2704	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 2772	2704	1850c11919a6f2c7a9de48381c8d3ffa.exe	27
PID 2704 wrote to memory of 2772	2704	1850c11919a6f2c7a9de48381c8d3ffa.exe	27
PID 2704 wrote to memory of 2772	2704	1850c11919a6f2c7a9de48381c8d3ffa.exe	27
PID 2704 wrote to memory of 2772	2704	1850c11919a6f2c7a9de48381c8d3ffa.exe	27

C:\Users\Admin\AppData\Local\Temp\1850c11919a6f2c7a9de48381c8d3ffa.exe
"C:\Users\Admin\AppData\Local\Temp\1850c11919a6f2c7a9de48381c8d3ffa.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 148
  2⤵
  - Program crash
  PID:2772