34a6c2820112e6ea2e70e130fad963e3e405fbc378e502d29d067dc783a5972c

Analysis

max time kernel
118s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 13:07

Target

19785e9fc3fcaf015fe9700a9f5c78b1.exe
Size

413KB
MD5

19785e9fc3fcaf015fe9700a9f5c78b1
SHA1

cbd6d35a388811d362c860b16cafedfbde505e88
SHA256

34a6c2820112e6ea2e70e130fad963e3e405fbc378e502d29d067dc783a5972c
SHA512

67ce0d29333841a7bc7f56c5312807a316b2865da8e8078b1e8303c91c057591e997dfdb62d44974111555daccf958f77c8e502df8376028253b607210eae32f
SSDEEP

6144:MYUTSKe45+GWh9dTX2adDWw1Turojl9IFsANJLmfBrm:MFSr45mh9hrl4roZ9IaBrm

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3068	3056	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 3068	3056	19785e9fc3fcaf015fe9700a9f5c78b1.exe	23
PID 3056 wrote to memory of 3068	3056	19785e9fc3fcaf015fe9700a9f5c78b1.exe	23
PID 3056 wrote to memory of 3068	3056	19785e9fc3fcaf015fe9700a9f5c78b1.exe	23
PID 3056 wrote to memory of 3068	3056	19785e9fc3fcaf015fe9700a9f5c78b1.exe	23

C:\Users\Admin\AppData\Local\Temp\19785e9fc3fcaf015fe9700a9f5c78b1.exe
"C:\Users\Admin\AppData\Local\Temp\19785e9fc3fcaf015fe9700a9f5c78b1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 116
  2⤵
  - Program crash
  PID:3068

memory/3056-0-0x0000000001360000-0x00000000013CB000-memory.dmp

Filesize
428KB

Download