263e57d3b19e57fe80c10a591097b86a62e8986aa313d5edbfd826d99bf9df2e

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 13:40

Target

1a501cdeb52aa0efebae52e62f4c6565.exe
Size

39KB
MD5

1a501cdeb52aa0efebae52e62f4c6565
SHA1

d8ebcfcaaa23a66708bd6c16a4b7bfdc78a40eb4
SHA256

263e57d3b19e57fe80c10a591097b86a62e8986aa313d5edbfd826d99bf9df2e
SHA512

f566ade6a58cf42a973e3701ef0eb44ab448f496b911ab6e566f244cd45d27eaf5bf634636a55e9c72f17fa562e0737afd89a13431cc3542999e17185733603d
SSDEEP

768:FravPCfffUeBIo5TYDYBX86q5LvIVvkAreDNtvY8fgX:FcPus7wYDYBMttvmkAre1y

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1208	2024	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1208	2024	1a501cdeb52aa0efebae52e62f4c6565.exe	28
PID 2024 wrote to memory of 1208	2024	1a501cdeb52aa0efebae52e62f4c6565.exe	28
PID 2024 wrote to memory of 1208	2024	1a501cdeb52aa0efebae52e62f4c6565.exe	28
PID 2024 wrote to memory of 1208	2024	1a501cdeb52aa0efebae52e62f4c6565.exe	28

C:\Users\Admin\AppData\Local\Temp\1a501cdeb52aa0efebae52e62f4c6565.exe
"C:\Users\Admin\AppData\Local\Temp\1a501cdeb52aa0efebae52e62f4c6565.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 48
  2⤵
  - Program crash
  PID:1208