23e0ec52cef9d815cd340961ffb849da560015c937cb09557018f3f94c4ee5de

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 03:57

Target

272a9670400763fe1bfec8ff2a5d88cc.exe
Size

1.1MB
MD5

272a9670400763fe1bfec8ff2a5d88cc
SHA1

7281a82d64cf839a6b126eb52838be9a769144ca
SHA256

23e0ec52cef9d815cd340961ffb849da560015c937cb09557018f3f94c4ee5de
SHA512

0e5cbe2accda0ffc2cb2477c37f77388923ae6e372fb065c538daba0f4bf4ac837d9d285e46494392714da05788d4e9f6eb3dc0a72c80baeac2161419ce8722f
SSDEEP

24576:gLeuHxK/ozmG72SLv6Oli7toctKL83ndslnY9mhLD4C:gqcU/ozmQ2SLv6Oli7mctMIdshY9mhoC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2328	2364	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2328	2364	272a9670400763fe1bfec8ff2a5d88cc.exe	16
PID 2364 wrote to memory of 2328	2364	272a9670400763fe1bfec8ff2a5d88cc.exe	16
PID 2364 wrote to memory of 2328	2364	272a9670400763fe1bfec8ff2a5d88cc.exe	16
PID 2364 wrote to memory of 2328	2364	272a9670400763fe1bfec8ff2a5d88cc.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 152
1⤵
- Program crash
PID:2328

C:\Users\Admin\AppData\Local\Temp\272a9670400763fe1bfec8ff2a5d88cc.exe
"C:\Users\Admin\AppData\Local\Temp\272a9670400763fe1bfec8ff2a5d88cc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2364

memory/2364-0-0x0000000001360000-0x000000000141D000-memory.dmp

Filesize
756KB

Download
memory/2364-1-0x0000000001360000-0x000000000141D000-memory.dmp

Filesize
756KB

Download