bdd7b9a8318dc03158f0230b98dad25fd7a0f46c6a2741c862811f4bafdbc8ea

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 02:05

Target

23d6e1bc35d9e6e02ffe70e96fa598c8.exe
Size

58KB
MD5

23d6e1bc35d9e6e02ffe70e96fa598c8
SHA1

0095df989c834d6ed14fc933ab0111587b89f59b
SHA256

bdd7b9a8318dc03158f0230b98dad25fd7a0f46c6a2741c862811f4bafdbc8ea
SHA512

8bda55dc0cfd60d59286ae439c2ea2df4e88574c10c359868e1083661062517a88dafd11b2bf4b21825d6a550a2a01884c5e943e9db86853e0e3ec1bac27309a
SSDEEP

768:hm0on6HGavZUPQffoaFNnioNQpMGZXlFPVrqX9zm3yr53nm5GMuMNCNaAJ:4V6HGavzgamfRK9zm30dnvfM2aS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2288	828	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 828 wrote to memory of 2288	828	23d6e1bc35d9e6e02ffe70e96fa598c8.exe	28
PID 828 wrote to memory of 2288	828	23d6e1bc35d9e6e02ffe70e96fa598c8.exe	28
PID 828 wrote to memory of 2288	828	23d6e1bc35d9e6e02ffe70e96fa598c8.exe	28
PID 828 wrote to memory of 2288	828	23d6e1bc35d9e6e02ffe70e96fa598c8.exe	28

C:\Users\Admin\AppData\Local\Temp\23d6e1bc35d9e6e02ffe70e96fa598c8.exe
"C:\Users\Admin\AppData\Local\Temp\23d6e1bc35d9e6e02ffe70e96fa598c8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:828
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 36
  2⤵
  - Program crash
  PID:2288

memory/828-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/828-1-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download