0b504e97853ce2c336585ed44f346565a253223025d4fb2bffd5c97b2d6ff970

Analysis

max time kernel
121s
max time network
152s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 05:40

Target

2a66243fddfbe8c8c323ed6fe8c2335c.exe
Size

353KB
MD5

2a66243fddfbe8c8c323ed6fe8c2335c
SHA1

53e48cae77dff4465acc1b0edcda9490cd32df16
SHA256

0b504e97853ce2c336585ed44f346565a253223025d4fb2bffd5c97b2d6ff970
SHA512

63fff5a9ed40a4c3f7c05249c5602a15569afa632be11e6d44ee87bdb97b65f5dbb3a2b2545aae9b2f59dae9030147b7af750dfd3a4b7c2b13501e3ccecfc6e1
SSDEEP

6144:L5JX7F0iXd3FxSWbdQFr6e0s7MVpzNJVjmsaGTjXBKN8tzTFFnV2+7Ipgn98EfsT:L5BXd3u2iF2jsKNTnXTrMNoTjVUan9aT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
324	2020	WerFault.exe	10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 324	2020	2a66243fddfbe8c8c323ed6fe8c2335c.exe	28
PID 2020 wrote to memory of 324	2020	2a66243fddfbe8c8c323ed6fe8c2335c.exe	28
PID 2020 wrote to memory of 324	2020	2a66243fddfbe8c8c323ed6fe8c2335c.exe	28
PID 2020 wrote to memory of 324	2020	2a66243fddfbe8c8c323ed6fe8c2335c.exe	28

C:\Users\Admin\AppData\Local\Temp\2a66243fddfbe8c8c323ed6fe8c2335c.exe
"C:\Users\Admin\AppData\Local\Temp\2a66243fddfbe8c8c323ed6fe8c2335c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 36
  2⤵
  - Program crash
  PID:324

memory/2020-0-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download