b25cfd61a4e91543215f59a2012b6e82e1fe2394b3063a398dd7caa40f938616

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 01:43

Target

2334d573c32b4880c20bb3d143f955cc.exe
Size

169KB
MD5

2334d573c32b4880c20bb3d143f955cc
SHA1

dd05f241ff2e6b9a4179da027f389ff3b97dbf32
SHA256

b25cfd61a4e91543215f59a2012b6e82e1fe2394b3063a398dd7caa40f938616
SHA512

eb8ea0ffa231bde3a492a1e95520a5b7d91349289de2de72edd59a8b689c945b5c1c100c3b2178f851d21f9fc2be6692b531c8241566ca2e030df078a4196ec6
SSDEEP

3072:ODRic4j1yE1IWR5StlSI2dXeeXt1kFSQE4XHKcQG8hI8awcccUG5quZi1pTJGSa:OgR5IaWFSQVXqcQHI3bV5qmEpTJGSa

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
1572	2476	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 1572	2476	2334d573c32b4880c20bb3d143f955cc.exe	14
PID 2476 wrote to memory of 1572	2476	2334d573c32b4880c20bb3d143f955cc.exe	14
PID 2476 wrote to memory of 1572	2476	2334d573c32b4880c20bb3d143f955cc.exe	14
PID 2476 wrote to memory of 1572	2476	2334d573c32b4880c20bb3d143f955cc.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 36
1⤵
- Program crash
PID:1572

C:\Users\Admin\AppData\Local\Temp\2334d573c32b4880c20bb3d143f955cc.exe
"C:\Users\Admin\AppData\Local\Temp\2334d573c32b4880c20bb3d143f955cc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2476

memory/2476-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download