e598097dcc5b1c4b67b99854e70d95a562ea9f8971e869b4c7d01736839360f9

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 14:20

Target

1b3ce4a5419488cb8fc6618d7c80eece.exe
Size

321KB
MD5

1b3ce4a5419488cb8fc6618d7c80eece
SHA1

9e75dd1dd7063bbe6ff2643766eee4a9c43d6d86
SHA256

e598097dcc5b1c4b67b99854e70d95a562ea9f8971e869b4c7d01736839360f9
SHA512

451f84fe24c9b2809e12cc3849176f6b538105ac0989a193828128e78518c8ec19b4dc30854d2659d0e40dcbff95e1d9e2457f4f38992b53c85da39ad7270f25
SSDEEP

6144:OTj1OTEKnsub1upoH7td/tQqG56Prd3Z5NBA3r14lJDNIl:OFOoKnsub6oHprG5+3a7STY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2216	2072	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2216	2072	1b3ce4a5419488cb8fc6618d7c80eece.exe	28
PID 2072 wrote to memory of 2216	2072	1b3ce4a5419488cb8fc6618d7c80eece.exe	28
PID 2072 wrote to memory of 2216	2072	1b3ce4a5419488cb8fc6618d7c80eece.exe	28
PID 2072 wrote to memory of 2216	2072	1b3ce4a5419488cb8fc6618d7c80eece.exe	28

C:\Users\Admin\AppData\Local\Temp\1b3ce4a5419488cb8fc6618d7c80eece.exe
"C:\Users\Admin\AppData\Local\Temp\1b3ce4a5419488cb8fc6618d7c80eece.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 116
  2⤵
  - Program crash
  PID:2216

memory/2072-0-0x0000000001120000-0x0000000001175000-memory.dmp

Filesize
340KB

Download