f94cfd8ab58629f8ee069d7c90c0abf62288fa5a2f9f4e3bf6e324e406535a80

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:35

Target

18b520bb97c0412c733d6dbe8b37b258.exe
Size

369KB
MD5

18b520bb97c0412c733d6dbe8b37b258
SHA1

e6231b0273f4ea079664864b30c814049d2d3166
SHA256

f94cfd8ab58629f8ee069d7c90c0abf62288fa5a2f9f4e3bf6e324e406535a80
SHA512

e2e3abbb645d1691dd4a8990e820f35ce2356017e5e626fc9f9443f2bf7884cf12d15040f469216bf513dcf6c2e14a7b2566fa5bcb33b0978c9690859edb381f
SSDEEP

6144:oyGSJaTjrFaZrop7WyBGkT99wlm8a9vEGGCOZVU+iOutYGSxegt78CElL6YLy:oyETlaZMp7WyIY8l2XGCOZV9iOu6GEOI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1828	2300	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 1828	2300	18b520bb97c0412c733d6dbe8b37b258.exe	28
PID 2300 wrote to memory of 1828	2300	18b520bb97c0412c733d6dbe8b37b258.exe	28
PID 2300 wrote to memory of 1828	2300	18b520bb97c0412c733d6dbe8b37b258.exe	28
PID 2300 wrote to memory of 1828	2300	18b520bb97c0412c733d6dbe8b37b258.exe	28

C:\Users\Admin\AppData\Local\Temp\18b520bb97c0412c733d6dbe8b37b258.exe
"C:\Users\Admin\AppData\Local\Temp\18b520bb97c0412c733d6dbe8b37b258.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 204
  2⤵
  - Program crash
  PID:1828

memory/2300-0-0x0000000000400000-0x000000000057D000-memory.dmp

Filesize
1.5MB

Download
memory/2300-1-0x0000000000400000-0x000000000057D000-memory.dmp

Filesize
1.5MB

Download