60fe1fe3a3bec724bc90f010d8b3cf85e87c0a60d39ffdee99365a97892b629c

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 03:58

Target

273604931744246705feec854d776aff.exe
Size

738KB
MD5

273604931744246705feec854d776aff
SHA1

7445e656184f5898488424aa24e6c754a2fe8110
SHA256

60fe1fe3a3bec724bc90f010d8b3cf85e87c0a60d39ffdee99365a97892b629c
SHA512

433c52b4b66743ff7208c70ae02b2835912f89edacf2cd765cf12baeae7e57f8d226b30f70a1a3d591467a4c999c4ce19239c6182f5f9328bb4cd540cb28225f
SSDEEP

12288:BAwSfxL/2Dc3WDLLmt0LDQewsHj7cLppsC3IrKf/ugohbZZfY5NK/w56VEp:ifewsHj7clXtf/6t+5New57

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2444	1732	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2444	1732	273604931744246705feec854d776aff.exe	18
PID 1732 wrote to memory of 2444	1732	273604931744246705feec854d776aff.exe	18
PID 1732 wrote to memory of 2444	1732	273604931744246705feec854d776aff.exe	18
PID 1732 wrote to memory of 2444	1732	273604931744246705feec854d776aff.exe	18

C:\Users\Admin\AppData\Local\Temp\273604931744246705feec854d776aff.exe
"C:\Users\Admin\AppData\Local\Temp\273604931744246705feec854d776aff.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 124
  2⤵
  - Program crash
  PID:2444

memory/1732-0-0x0000000000380000-0x000000000046F000-memory.dmp

Filesize
956KB

Download
memory/1732-1-0x0000000000380000-0x000000000046F000-memory.dmp

Filesize
956KB

Download
memory/1732-2-0x0000000000380000-0x000000000046F000-memory.dmp

Filesize
956KB

Download