07743330364ebaa27af68aa58b93f0b81a9fe746af54201d87db78354c291141

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 05:30

Target

2a0fcbb15bc60bab218652eb94b2aba9.exe
Size

14KB
MD5

2a0fcbb15bc60bab218652eb94b2aba9
SHA1

16664557f0005642dc727b4387994bca36399010
SHA256

07743330364ebaa27af68aa58b93f0b81a9fe746af54201d87db78354c291141
SHA512

e73c3a53bc54939e83462026b728e8f7c37c930e9ca383d53ee543e63b6daa87ad5016d7020215de6f19ff5db78ff19e66afe8fe57e97bd677d660f24f451429
SSDEEP

384:eWtMWKVbZb7OmeuZ2vDYtZIBekZAC2MOpKTRd52CAw3Wj:tgFIm7Z20ZI9ZAzX0d5bAw3+

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2192	1876	WerFault.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 2192	1876	2a0fcbb15bc60bab218652eb94b2aba9.exe	14
PID 1876 wrote to memory of 2192	1876	2a0fcbb15bc60bab218652eb94b2aba9.exe	14
PID 1876 wrote to memory of 2192	1876	2a0fcbb15bc60bab218652eb94b2aba9.exe	14
PID 1876 wrote to memory of 2192	1876	2a0fcbb15bc60bab218652eb94b2aba9.exe	14
PID 1876 wrote to memory of 2192	1876	2a0fcbb15bc60bab218652eb94b2aba9.exe	14
PID 1876 wrote to memory of 2192	1876	2a0fcbb15bc60bab218652eb94b2aba9.exe	14
PID 1876 wrote to memory of 2192	1876	2a0fcbb15bc60bab218652eb94b2aba9.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 252
1⤵
- Program crash
PID:2192

C:\Users\Admin\AppData\Local\Temp\2a0fcbb15bc60bab218652eb94b2aba9.exe
"C:\Users\Admin\AppData\Local\Temp\2a0fcbb15bc60bab218652eb94b2aba9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1876

memory/1876-3-0x0000000000020000-0x000000000002E000-memory.dmp

Filesize
56KB

Download
memory/1876-2-0x0000000000020000-0x000000000002E000-memory.dmp

Filesize
56KB

Download
memory/1876-1-0x0000000000020000-0x000000000002E000-memory.dmp

Filesize
56KB

Download
memory/1876-0-0x0000000013140000-0x000000001314E000-memory.dmp

Filesize
56KB

Download
memory/1876-4-0x0000000013140000-0x000000001314E000-memory.dmp

Filesize
56KB

Download
memory/1876-5-0x0000000000020000-0x000000000002E000-memory.dmp

Filesize
56KB

Download
memory/1876-7-0x0000000000020000-0x000000000002E000-memory.dmp

Filesize
56KB

Download
memory/1876-6-0x0000000000020000-0x000000000002E000-memory.dmp

Filesize
56KB

Download