40bd0666e533d6a75cc14e8df34e3122f25d6d198acda519d3f32bfe88b68dcf

Analysis

max time kernel
122s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 00:10

Target

212d21595f59477ba369e3bf2139d1f8.exe
Size

91KB
MD5

212d21595f59477ba369e3bf2139d1f8
SHA1

eb0eda8e32fbeb23fd4f7f15d541a1726e1f0718
SHA256

40bd0666e533d6a75cc14e8df34e3122f25d6d198acda519d3f32bfe88b68dcf
SHA512

ff9fbf83b6635290e50371fe5ba30535838715b0ddb2ce88aac38ae34c80cc803f89d3eeb3731b398588359819c9e6cdf9087580970d462d53b007a90cd41045
SSDEEP

1536:9sikblh4WLb5oW9FnDH+fApdpTBvHir6aOvJ3zhB1EqcCCmmu2Yo6K:9kblbLdo0DH+fKdp5Hy6a0z6qc7ml1K

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1160	3044	WerFault.exe	23

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 1160	3044	212d21595f59477ba369e3bf2139d1f8.exe	28
PID 3044 wrote to memory of 1160	3044	212d21595f59477ba369e3bf2139d1f8.exe	28
PID 3044 wrote to memory of 1160	3044	212d21595f59477ba369e3bf2139d1f8.exe	28
PID 3044 wrote to memory of 1160	3044	212d21595f59477ba369e3bf2139d1f8.exe	28

C:\Users\Admin\AppData\Local\Temp\212d21595f59477ba369e3bf2139d1f8.exe
"C:\Users\Admin\AppData\Local\Temp\212d21595f59477ba369e3bf2139d1f8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 140
  2⤵
  - Program crash
  PID:1160

memory/3044-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3044-1-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download