2f76b6ff8c48649b4e01c38004acfb6341610799341c6b5106e8e18a737477b2

Analysis

max time kernel
131s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 13:49

Target

1a8ce6271acde7994c55c1ef65ccb961.exe
Size

186KB
MD5

1a8ce6271acde7994c55c1ef65ccb961
SHA1

8600213be2da344a81f33c50a70d2c80d79daa5b
SHA256

2f76b6ff8c48649b4e01c38004acfb6341610799341c6b5106e8e18a737477b2
SHA512

7583bc4d63c93f18da669bffcec8f6479620c941ac92ec530494c632b8d5f5bc3a149c16b7217c47314d6a50f292247deefeb4cd6dfaef6851ac045dd1749ce5
SSDEEP

3072:vOHbBla70lcAo3W1zFqNzg95gUZbuCf7ZxpI+FGJfWa3m4Q5HG:Mb7o0l0Ozszg9+UZ17Z/I+0J53j1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3016	2964	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 3016	2964	1a8ce6271acde7994c55c1ef65ccb961.exe	16
PID 2964 wrote to memory of 3016	2964	1a8ce6271acde7994c55c1ef65ccb961.exe	16
PID 2964 wrote to memory of 3016	2964	1a8ce6271acde7994c55c1ef65ccb961.exe	16
PID 2964 wrote to memory of 3016	2964	1a8ce6271acde7994c55c1ef65ccb961.exe	16

C:\Users\Admin\AppData\Local\Temp\1a8ce6271acde7994c55c1ef65ccb961.exe
"C:\Users\Admin\AppData\Local\Temp\1a8ce6271acde7994c55c1ef65ccb961.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 88
  2⤵
  - Program crash
  PID:3016

memory/2964-3-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2964-2-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/2964-1-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/2964-0-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download