9fa11904129f9f1c354b979e89e7c2e81ae3b76a0f9a62e4c925ddb9c6fe7e01

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 13:57

Target

1ac1a7807e69a812d3044757a01aeec2.exe
Size

81KB
MD5

1ac1a7807e69a812d3044757a01aeec2
SHA1

abbcdde8670e31c1e79de55b02428a3dca422bcc
SHA256

9fa11904129f9f1c354b979e89e7c2e81ae3b76a0f9a62e4c925ddb9c6fe7e01
SHA512

baa8e8811f3f221b98e08a3e5573e3ad124ffa19d39885dbc27b11060f5f2c68cd5b008e50daaba5a4261114661b9d04a19c4ed10f13edbc9a427d7769bcd0a3
SSDEEP

1536:dhMo0yf0UJnV95ce7SM88nAjmdbRcCVYocBy6Hgl4dVNqqgZpLzsazg0lC:DMoDDSEFdbnVYot6Hw4dVMZpXh3Q

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2516	1364	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 2516	1364	1ac1a7807e69a812d3044757a01aeec2.exe	14
PID 1364 wrote to memory of 2516	1364	1ac1a7807e69a812d3044757a01aeec2.exe	14
PID 1364 wrote to memory of 2516	1364	1ac1a7807e69a812d3044757a01aeec2.exe	14
PID 1364 wrote to memory of 2516	1364	1ac1a7807e69a812d3044757a01aeec2.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 48
1⤵
- Program crash
PID:2516

C:\Users\Admin\AppData\Local\Temp\1ac1a7807e69a812d3044757a01aeec2.exe
"C:\Users\Admin\AppData\Local\Temp\1ac1a7807e69a812d3044757a01aeec2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1364

memory/1364-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download