527aa157df6510894b5354c007c07ecab45bd76353789ea73e05ce9bf5481707

Analysis

max time kernel
121s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 02:49

Target

251eaca00b090a4ae54db5ccdc14430b.exe
Size

293KB
MD5

251eaca00b090a4ae54db5ccdc14430b
SHA1

10f1d41612afa36e0508ecfac2f7cdfdb88d5b00
SHA256

527aa157df6510894b5354c007c07ecab45bd76353789ea73e05ce9bf5481707
SHA512

796fc6b1f94381caa848cb28ae79fc89f29fc2d8c515b7eb66017f6d16cd0cec2bc8376e6380de461519cf1980ae12485a0e87dca0555eb0d7823879a7efd90f
SSDEEP

6144:/PdMcMANEVzGlcEDUl4qaRYVQfJTGbusJRhgnGXcVD7Xm2BeddhMH5VkE:tNEh8cSLqdAsisDhgnGWBBedDMZVh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2792	2692	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2792	2692	251eaca00b090a4ae54db5ccdc14430b.exe	27
PID 2692 wrote to memory of 2792	2692	251eaca00b090a4ae54db5ccdc14430b.exe	27
PID 2692 wrote to memory of 2792	2692	251eaca00b090a4ae54db5ccdc14430b.exe	27
PID 2692 wrote to memory of 2792	2692	251eaca00b090a4ae54db5ccdc14430b.exe	27

C:\Users\Admin\AppData\Local\Temp\251eaca00b090a4ae54db5ccdc14430b.exe
"C:\Users\Admin\AppData\Local\Temp\251eaca00b090a4ae54db5ccdc14430b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 140
  2⤵
  - Program crash
  PID:2792