4c9807812aa2856da57e2d1d0e8511d9fe5bbeb7bb6c2981008152d2726a1cb0

Analysis

max time kernel
110s
max time network
43s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 02:30

Target

248a1078b1dff82260746fe4bfa1bf05.exe
Size

63KB
MD5

248a1078b1dff82260746fe4bfa1bf05
SHA1

4a3c80b4ddd747a9cf2c0dee81bfdd4eed874015
SHA256

4c9807812aa2856da57e2d1d0e8511d9fe5bbeb7bb6c2981008152d2726a1cb0
SHA512

220710baa88137156095474142b0e240670c26a988e737241e0ea5d4aadb3eaae9a4c9ed42a45d106da9d7b27ebfc8acf970e9ad1ce2a86dd330204fd6aefd5a
SSDEEP

768:AIASdoN+bTSyJK8U+5JcMQe3k5ZxciocvWDpA7ruowPd6HxHu3xqyTb+JP0uGv51:QYFFXJi5KpxzcKqPvGECJ+lmAmojrenf

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1160	3036	WerFault.exe	24

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 1160	3036	248a1078b1dff82260746fe4bfa1bf05.exe	27
PID 3036 wrote to memory of 1160	3036	248a1078b1dff82260746fe4bfa1bf05.exe	27
PID 3036 wrote to memory of 1160	3036	248a1078b1dff82260746fe4bfa1bf05.exe	27
PID 3036 wrote to memory of 1160	3036	248a1078b1dff82260746fe4bfa1bf05.exe	27

C:\Users\Admin\AppData\Local\Temp\248a1078b1dff82260746fe4bfa1bf05.exe
"C:\Users\Admin\AppData\Local\Temp\248a1078b1dff82260746fe4bfa1bf05.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 36
  2⤵
  - Program crash
  PID:1160

memory/3036-0-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3036-1-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download