231c472623d84c9a8fccc39d6d52976fa47952667f5fc454845129b15c3cbd00

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 06:25

Target

2ba779ad1c45c224c4f73d80e2033c1f.exe
Size

15KB
MD5

2ba779ad1c45c224c4f73d80e2033c1f
SHA1

2f3ca3722912b4b3932a321d282792b3d35c9a97
SHA256

231c472623d84c9a8fccc39d6d52976fa47952667f5fc454845129b15c3cbd00
SHA512

66f28c3513b78d0a12f84c2b2d30ef3e08414222e1c72cca4a97ad439dfe04f0ed067c9f9e919185aad4a4f8dacae3bc3e9fcd3b47648fe72af4412a7de1185d
SSDEEP

384:e8IxScnmXjJ3d4UrefchutuZGVk1jEHhVXC95OXK7e4i:szwzrZhut0G21wHh495Oa7e5

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1108	2316	WerFault.exe	13

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 1108	2316	2ba779ad1c45c224c4f73d80e2033c1f.exe	28
PID 2316 wrote to memory of 1108	2316	2ba779ad1c45c224c4f73d80e2033c1f.exe	28
PID 2316 wrote to memory of 1108	2316	2ba779ad1c45c224c4f73d80e2033c1f.exe	28
PID 2316 wrote to memory of 1108	2316	2ba779ad1c45c224c4f73d80e2033c1f.exe	28

C:\Users\Admin\AppData\Local\Temp\2ba779ad1c45c224c4f73d80e2033c1f.exe
"C:\Users\Admin\AppData\Local\Temp\2ba779ad1c45c224c4f73d80e2033c1f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 36
  2⤵
  - Program crash
  PID:1108

memory/2316-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2316-1-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download