04b1f847a1cc4d0fdce7fdae06d7e736d4530ea8712a12f71d8aa25e4bdd5f40

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 06:08

Target

2b36d8d074c6ea8bbb93bc630aa3271e.exe
Size

363KB
MD5

2b36d8d074c6ea8bbb93bc630aa3271e
SHA1

575a4984bc9956966188fa077a33f48ea177e6c7
SHA256

04b1f847a1cc4d0fdce7fdae06d7e736d4530ea8712a12f71d8aa25e4bdd5f40
SHA512

0073c419b89d7607a94eca3f99b572ba45dc463749602da5cccfd657f7d49a121b08b7b97a06d32b9e90f4c02ba9447d6b7574c7d2df39be651d35545b90a3cb
SSDEEP

6144:CTt/t72XtcLvIssPOLkweQ9XpEN1YxMlsH6IbNQGJ0LM2:g/t7wssPOiQ9XpLxMCvCGm

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2672	2444	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2672	2444	2b36d8d074c6ea8bbb93bc630aa3271e.exe	28
PID 2444 wrote to memory of 2672	2444	2b36d8d074c6ea8bbb93bc630aa3271e.exe	28
PID 2444 wrote to memory of 2672	2444	2b36d8d074c6ea8bbb93bc630aa3271e.exe	28
PID 2444 wrote to memory of 2672	2444	2b36d8d074c6ea8bbb93bc630aa3271e.exe	28

C:\Users\Admin\AppData\Local\Temp\2b36d8d074c6ea8bbb93bc630aa3271e.exe
"C:\Users\Admin\AppData\Local\Temp\2b36d8d074c6ea8bbb93bc630aa3271e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 152
  2⤵
  - Program crash
  PID:2672

memory/2444-0-0x0000000000250000-0x0000000000284000-memory.dmp

Filesize
208KB

Download