928fe9e06adccaea749b94e75d3f9c217c147287295fdd274c9b0affc674d8ea

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 03:57

Target

272654562e291bc0ef56b2f31ea1223a.exe
Size

136KB
MD5

272654562e291bc0ef56b2f31ea1223a
SHA1

55522affee4c447094a48ed5e5c797c926d99d26
SHA256

928fe9e06adccaea749b94e75d3f9c217c147287295fdd274c9b0affc674d8ea
SHA512

c4eeda39f07c7fa4010db03401b772d58406ed3f32d149ee45f27b054cea773a537ea7ebea8c68b6470d75f8a1c05c5183b10f34def919274058703be57fefe0
SSDEEP

3072:oZdTvHlg9lcRWgBzrCZVnLMnHwoOAkDKNm7t1y29YXp+9VHyl:oZdTvWcF5SnqRoP7t1F39ol

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
1716	2268	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 1716	2268	272654562e291bc0ef56b2f31ea1223a.exe	14
PID 2268 wrote to memory of 1716	2268	272654562e291bc0ef56b2f31ea1223a.exe	14
PID 2268 wrote to memory of 1716	2268	272654562e291bc0ef56b2f31ea1223a.exe	14
PID 2268 wrote to memory of 1716	2268	272654562e291bc0ef56b2f31ea1223a.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 44
1⤵
- Program crash
PID:1716

C:\Users\Admin\AppData\Local\Temp\272654562e291bc0ef56b2f31ea1223a.exe
"C:\Users\Admin\AppData\Local\Temp\272654562e291bc0ef56b2f31ea1223a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2268

memory/2268-0-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download