bfa67e7763d1e5ac33c6d2bf5ecbc73cde55d75ddfd2b621805cd4f1c507ad11

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:42

Target

18dea7412c005cca23f61deef63bb41a.exe
Size

53KB
MD5

18dea7412c005cca23f61deef63bb41a
SHA1

17726fb9adb7a4f03a14b9a547fb7b28956dd3ec
SHA256

bfa67e7763d1e5ac33c6d2bf5ecbc73cde55d75ddfd2b621805cd4f1c507ad11
SHA512

e216b726380232b1b16ed7eb9831226267910df37a4a77d281784133195153b6bb3153680bd75d82a6c1da76b6b062d6a074dad9052cfc81d776838c456288c3
SSDEEP

768:YeSjP6R4Lt3o2i8GMMMQUSZcNg5T5kM72f4uKYMX+6+UDQEJ4jfmRUux5HxET:YeSjP7q8Gp9XTSBKYk+eJ4bAU0bET

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1876	2440	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 1876	2440	18dea7412c005cca23f61deef63bb41a.exe	28
PID 2440 wrote to memory of 1876	2440	18dea7412c005cca23f61deef63bb41a.exe	28
PID 2440 wrote to memory of 1876	2440	18dea7412c005cca23f61deef63bb41a.exe	28
PID 2440 wrote to memory of 1876	2440	18dea7412c005cca23f61deef63bb41a.exe	28

C:\Users\Admin\AppData\Local\Temp\18dea7412c005cca23f61deef63bb41a.exe
"C:\Users\Admin\AppData\Local\Temp\18dea7412c005cca23f61deef63bb41a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 92
  2⤵
  - Program crash
  PID:1876