91643c3eb827708e4e39b070b3239d35f394da46f7d50760bfd19a68bd69656b

Analysis

max time kernel
156s
max time network
140s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 00:56

Target

225df107f273aec4d53dae85ee7a9fd7.exe
Size

76KB
MD5

225df107f273aec4d53dae85ee7a9fd7
SHA1

17030b366f3453951f5a5f39728f6df7d8a58aca
SHA256

91643c3eb827708e4e39b070b3239d35f394da46f7d50760bfd19a68bd69656b
SHA512

bc2b2adcdf936dd375e4348be67e7ce88254fb92b1da955d6b78425d969f7b694502e8fec0468bc48b9901d4636e8be63b85635d0a5f35b2906b24038e3540da
SSDEEP

1536:42H3ghyOkEhYv11BKCHJbIsxoTv8r6+UTam6h7qfLOegdpGO:7HajYvJZpcDT8r6bTOegr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2820	1900	WerFault.exe	13

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2820	1900	225df107f273aec4d53dae85ee7a9fd7.exe	27
PID 1900 wrote to memory of 2820	1900	225df107f273aec4d53dae85ee7a9fd7.exe	27
PID 1900 wrote to memory of 2820	1900	225df107f273aec4d53dae85ee7a9fd7.exe	27
PID 1900 wrote to memory of 2820	1900	225df107f273aec4d53dae85ee7a9fd7.exe	27

C:\Users\Admin\AppData\Local\Temp\225df107f273aec4d53dae85ee7a9fd7.exe
"C:\Users\Admin\AppData\Local\Temp\225df107f273aec4d53dae85ee7a9fd7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 128
  2⤵
  - Program crash
  PID:2820

memory/1900-0-0x00000000001B0000-0x00000000001C2000-memory.dmp

Filesize
72KB

Download
memory/1900-1-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download