27cf3b3a55afe7bc83797792c49f6b2f8cd0106607d4e309990d9356845e637c

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:24

Target

18701264bf4d804bb5222976e525dc79.exe
Size

422KB
MD5

18701264bf4d804bb5222976e525dc79
SHA1

196f735c4582847923707f1c5c0b5ba8bf4a269d
SHA256

27cf3b3a55afe7bc83797792c49f6b2f8cd0106607d4e309990d9356845e637c
SHA512

c6f4615eb1abf0f0aa16b6a3609f388112f1206c1c1da3cd1f139b527874e78d8beb6920438c780fd660795319d1546cc4b5a2f97c98b9c74e590da4427ed07e
SSDEEP

6144:ykB1INZdWaFzaE7mDGg7Y4+MFyBPys80G5sEOi9Ri9na5UVx3:ykBgdW/E7mDGg8xMkBp80GiZa5UVh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2304	2356	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2304	2356	18701264bf4d804bb5222976e525dc79.exe	28
PID 2356 wrote to memory of 2304	2356	18701264bf4d804bb5222976e525dc79.exe	28
PID 2356 wrote to memory of 2304	2356	18701264bf4d804bb5222976e525dc79.exe	28
PID 2356 wrote to memory of 2304	2356	18701264bf4d804bb5222976e525dc79.exe	28

C:\Users\Admin\AppData\Local\Temp\18701264bf4d804bb5222976e525dc79.exe
"C:\Users\Admin\AppData\Local\Temp\18701264bf4d804bb5222976e525dc79.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 116
  2⤵
  - Program crash
  PID:2304

memory/2356-0-0x0000000000100000-0x000000000016E000-memory.dmp

Filesize
440KB

Download