ceb03525c7b2590484edf1255b4c1095bb3e05dfc8ebff34e2e19c33ad6b5d38

Analysis

max time kernel
141s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 13:42

Target

1a616ee505e77491e1e68e9aca739827.exe
Size

127KB
MD5

1a616ee505e77491e1e68e9aca739827
SHA1

8c9219e4ef6134826714d0457ab5c0fb3d0fa6ca
SHA256

ceb03525c7b2590484edf1255b4c1095bb3e05dfc8ebff34e2e19c33ad6b5d38
SHA512

e1ebfe3cb5f7f08e209745f4975291382f69dde7865d8ac5f627a7123cabdfb1e42451684704f358e1858c1a49ca9c91ba6aaa2e3e35bcde39836ac741bcf4f6
SSDEEP

3072:WSFXpe4liG2Atu5hWP9cjIDCSPu+2S0n+o62rXRoiSSR3J1t2:WS/eQiwtumP9cEZPu+2Wo62rXRowlo

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2416	2236	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2416	2236	1a616ee505e77491e1e68e9aca739827.exe	28
PID 2236 wrote to memory of 2416	2236	1a616ee505e77491e1e68e9aca739827.exe	28
PID 2236 wrote to memory of 2416	2236	1a616ee505e77491e1e68e9aca739827.exe	28
PID 2236 wrote to memory of 2416	2236	1a616ee505e77491e1e68e9aca739827.exe	28

C:\Users\Admin\AppData\Local\Temp\1a616ee505e77491e1e68e9aca739827.exe
"C:\Users\Admin\AppData\Local\Temp\1a616ee505e77491e1e68e9aca739827.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 140
  2⤵
  - Program crash
  PID:2416

memory/2236-0-0x0000000000400000-0x0000000000428500-memory.dmp

Filesize
161KB

Download
memory/2236-1-0x0000000000400000-0x0000000000428500-memory.dmp

Filesize
161KB

Download