3bb8a821697bd7ad42532acc6320abb9fc78489b8c2e3a6dd3af564b6dc79e5d

Analysis

max time kernel
24s
max time network
38s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 06:32

Target

2bcf07b84e155c9eb93f45d6d1c855ab.exe
Size

761KB
MD5

2bcf07b84e155c9eb93f45d6d1c855ab
SHA1

d382ee971e724c24fe4e1b8bae434d00f6b68362
SHA256

3bb8a821697bd7ad42532acc6320abb9fc78489b8c2e3a6dd3af564b6dc79e5d
SHA512

22f2aad8571a279feda394421502aa1a4505a76b81b1d64c590ce5f6859fc32a820f4446bc88ae56f6424cca4cc07b937a8ae5d8a7745be1d36b1d7145b114ea
SSDEEP

12288:SAJXdYg8PpQE9WGjLzL+xRoMQoXHijrM2KXm6CimVp4ENc+epCSddSQAyuWJW6X+:SAJXdYg8RQEI423xEqvpCkdSpvWJ/XkJ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2516	2348	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2516	2348	2bcf07b84e155c9eb93f45d6d1c855ab.exe	28
PID 2348 wrote to memory of 2516	2348	2bcf07b84e155c9eb93f45d6d1c855ab.exe	28
PID 2348 wrote to memory of 2516	2348	2bcf07b84e155c9eb93f45d6d1c855ab.exe	28
PID 2348 wrote to memory of 2516	2348	2bcf07b84e155c9eb93f45d6d1c855ab.exe	28

C:\Users\Admin\AppData\Local\Temp\2bcf07b84e155c9eb93f45d6d1c855ab.exe
"C:\Users\Admin\AppData\Local\Temp\2bcf07b84e155c9eb93f45d6d1c855ab.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 36
  2⤵
  - Program crash
  PID:2516

memory/2348-0-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2348-1-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download