b999a8d860a081a07c5ff459d47c76a82eefc5e2e7d88b7588e8f158e561570f

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 12:39

Target

367591ceecc09e026e12145cea35eb47.exe
Size

189KB
MD5

367591ceecc09e026e12145cea35eb47
SHA1

a082499833e84de12868ff267d164ff42d41db52
SHA256

b999a8d860a081a07c5ff459d47c76a82eefc5e2e7d88b7588e8f158e561570f
SHA512

e2e6850ce2d1ad59b17ac28a7706a8c722ffeb11fdbfe31ba50ffeee3d82a2d7b6c11bfd8824ecb85b2ad2d32b0c84077d52eee704429a23d0bf1cdd20b6c1ff
SSDEEP

3072:o84ycFrH4l06fWnxNxvADObX95mayxkwsBeApMSwPRksJLkyDEwHkFWloAm2A8fD:H4tLlHaDO73kxkwsBeQMSWksieRkAKlw

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2080	2120	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2080	2120	367591ceecc09e026e12145cea35eb47.exe	14
PID 2120 wrote to memory of 2080	2120	367591ceecc09e026e12145cea35eb47.exe	14
PID 2120 wrote to memory of 2080	2120	367591ceecc09e026e12145cea35eb47.exe	14
PID 2120 wrote to memory of 2080	2120	367591ceecc09e026e12145cea35eb47.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 92
1⤵
- Program crash
PID:2080

C:\Users\Admin\AppData\Local\Temp\367591ceecc09e026e12145cea35eb47.exe
"C:\Users\Admin\AppData\Local\Temp\367591ceecc09e026e12145cea35eb47.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2120