349673ba3afcc7cc81dc16371f7617b863fca0be87ab4e5472d51ec0760cc4af

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 00:12

Target

213cb80c7b3c60d47990c1d172d08247.exe
Size

11KB
MD5

213cb80c7b3c60d47990c1d172d08247
SHA1

b2b2f918053ab527dafd097f1cfde7de9dddc994
SHA256

349673ba3afcc7cc81dc16371f7617b863fca0be87ab4e5472d51ec0760cc4af
SHA512

65d6a6ec3743d7adb9863e640f3a2448da0c606b322b1a30712e65615e1385295fbfb93f675609a6471a66f9128506802af399b44cd6d9c706ce2be3fceadbad
SSDEEP

192:a4DUwJ62VJt9ebGeYFJkAqVC0nwdHQA3yFScDm6Pj7eACiDW3WeJTv5:a4DUF26bGeYqrnwxcC6L7vCznVv

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2204	2364	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2204	2364	213cb80c7b3c60d47990c1d172d08247.exe	16
PID 2364 wrote to memory of 2204	2364	213cb80c7b3c60d47990c1d172d08247.exe	16
PID 2364 wrote to memory of 2204	2364	213cb80c7b3c60d47990c1d172d08247.exe	16
PID 2364 wrote to memory of 2204	2364	213cb80c7b3c60d47990c1d172d08247.exe	16

C:\Users\Admin\AppData\Local\Temp\213cb80c7b3c60d47990c1d172d08247.exe
"C:\Users\Admin\AppData\Local\Temp\213cb80c7b3c60d47990c1d172d08247.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 36
  2⤵
  - Program crash
  PID:2204

memory/2364-0-0x0000000009000000-0x0000000009005000-memory.dmp

Filesize
20KB

Download