88b648b179f8d1a4c7d2930fc9790490478e658fb27a785bcac3cdc12d1f74d6

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 05:43

Target

2a7bc4816c997c7b06e0c50fdbfc0ff1.exe
Size

422KB
MD5

2a7bc4816c997c7b06e0c50fdbfc0ff1
SHA1

a0d262fae376d1cf60570375565ea8d48782d253
SHA256

88b648b179f8d1a4c7d2930fc9790490478e658fb27a785bcac3cdc12d1f74d6
SHA512

d02071149eaacf9f8b5aa995df1e9fa776929ecff38ddef7b954bb85504698d75d1d22bb20bbb1ca546a16d3ccb5c593b17c2592e436f969dbd29f6e7f184e48
SSDEEP

6144:ykB1INZdWaFzaE7mDGg7Y4+MFyBPys80G5sEOi9Ri9na5UVx3a:ykBgdW/E7mDGg8xMkBp80GiZa5UVh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1312	2644	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 1312	2644	2a7bc4816c997c7b06e0c50fdbfc0ff1.exe	28
PID 2644 wrote to memory of 1312	2644	2a7bc4816c997c7b06e0c50fdbfc0ff1.exe	28
PID 2644 wrote to memory of 1312	2644	2a7bc4816c997c7b06e0c50fdbfc0ff1.exe	28
PID 2644 wrote to memory of 1312	2644	2a7bc4816c997c7b06e0c50fdbfc0ff1.exe	28

C:\Users\Admin\AppData\Local\Temp\2a7bc4816c997c7b06e0c50fdbfc0ff1.exe
"C:\Users\Admin\AppData\Local\Temp\2a7bc4816c997c7b06e0c50fdbfc0ff1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 116
  2⤵
  - Program crash
  PID:1312

memory/2644-0-0x0000000001190000-0x00000000011FE000-memory.dmp

Filesize
440KB

Download