6875da69cb6d4b4e36d0ab758a0e5492c631e22c6ffb25bc9c799c658b45c8f0

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 12:59

Target

370b5dd6b8f5abdf2451559c320faf53.exe
Size

25KB
MD5

370b5dd6b8f5abdf2451559c320faf53
SHA1

7646f8b1eb46da597a40562baa0adb6bf6cf841c
SHA256

6875da69cb6d4b4e36d0ab758a0e5492c631e22c6ffb25bc9c799c658b45c8f0
SHA512

cac5273fe0a3d843aac0a70c2b0f39518401f041e4bd75f640c57ab320d50acb1b9c80c9c8d1f02db556cc5125d187185f20162d23a8ed54ff57b2084e9f10d7
SSDEEP

384:sSKWPtnWYB5PN3v+e9ogDvOlPUvLbZ+1QedXTHJGHhyQQId1/VXg:QUWY/PNf79V4BXTHJYdQId12

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2188	1672	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2188	1672	370b5dd6b8f5abdf2451559c320faf53.exe	28
PID 1672 wrote to memory of 2188	1672	370b5dd6b8f5abdf2451559c320faf53.exe	28
PID 1672 wrote to memory of 2188	1672	370b5dd6b8f5abdf2451559c320faf53.exe	28
PID 1672 wrote to memory of 2188	1672	370b5dd6b8f5abdf2451559c320faf53.exe	28

C:\Users\Admin\AppData\Local\Temp\370b5dd6b8f5abdf2451559c320faf53.exe
"C:\Users\Admin\AppData\Local\Temp\370b5dd6b8f5abdf2451559c320faf53.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 88
  2⤵
  - Program crash
  PID:2188

memory/1672-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download