376256d36b0628a3d16a83dea8002198e7aa5cdb91b61f6fca9c06878f485c26

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 12:34

Target

18aabcdbf96fd55e214084ad5c477c32.exe
Size

104KB
MD5

18aabcdbf96fd55e214084ad5c477c32
SHA1

adc70c83d82498a83a6fd8757a002fdae55ea5b9
SHA256

376256d36b0628a3d16a83dea8002198e7aa5cdb91b61f6fca9c06878f485c26
SHA512

7d7f974e3c5b988fcbb25fe68863c98928074f96dbfeea679e21cbb3813a7d9e3a2d6e1b7e051967146c638feecc1cb2372107ff4367eb94f31460fe12a8499e
SSDEEP

1536:votbmMeZ+GqoucPT1CIPRRF2hJ9nmOpU5l2C2CE/mRf4lcodHQdz/:nM2+X01FcJ9pUvltf4lDCz

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2204	688	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 688 wrote to memory of 2204	688	18aabcdbf96fd55e214084ad5c477c32.exe	28
PID 688 wrote to memory of 2204	688	18aabcdbf96fd55e214084ad5c477c32.exe	28
PID 688 wrote to memory of 2204	688	18aabcdbf96fd55e214084ad5c477c32.exe	28
PID 688 wrote to memory of 2204	688	18aabcdbf96fd55e214084ad5c477c32.exe	28

C:\Users\Admin\AppData\Local\Temp\18aabcdbf96fd55e214084ad5c477c32.exe
"C:\Users\Admin\AppData\Local\Temp\18aabcdbf96fd55e214084ad5c477c32.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:688
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 36
  2⤵
  - Program crash
  PID:2204

memory/688-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/688-3-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download