21e6b92ff3ae6ff42168f336d1b16f57697de6cc03fdc6b49ab6af82c0bff905

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 13:55

Target

1ab38aa18b9433b7f3c41171e05aba12.exe
Size

908KB
MD5

1ab38aa18b9433b7f3c41171e05aba12
SHA1

5474435de90cc8f3ed4d77a273ce5f459c91a23e
SHA256

21e6b92ff3ae6ff42168f336d1b16f57697de6cc03fdc6b49ab6af82c0bff905
SHA512

09fbed425507b5d20698c854125bd7c7d5632bb4b7f27652007c72b571898bb451068c47df2b2f400fc773162f849d972b978b906f80ba9640115f2fd7c663f9
SSDEEP

24576:ZgkPnXqTXd/juSyG0uHWm91TE4tUtXz4mEOvfBCUlXFwY63:ZVOd9yG0u2c12z7BCCVw1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2316	2108	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2316	2108	1ab38aa18b9433b7f3c41171e05aba12.exe	14
PID 2108 wrote to memory of 2316	2108	1ab38aa18b9433b7f3c41171e05aba12.exe	14
PID 2108 wrote to memory of 2316	2108	1ab38aa18b9433b7f3c41171e05aba12.exe	14
PID 2108 wrote to memory of 2316	2108	1ab38aa18b9433b7f3c41171e05aba12.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 164
1⤵
- Program crash
PID:2316

C:\Users\Admin\AppData\Local\Temp\1ab38aa18b9433b7f3c41171e05aba12.exe
"C:\Users\Admin\AppData\Local\Temp\1ab38aa18b9433b7f3c41171e05aba12.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2108