64b9a4b36169ffeb39dfac106718fb140c9a992ffc874ed619684b5543ddc988

Analysis

max time kernel
193s
max time network
31s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 13:23

Target

37e02df90603a38818fbcc9041228775.exe
Size

107KB
MD5

37e02df90603a38818fbcc9041228775
SHA1

32198a93f20df4a29f44bba89b0ccffabaa21aff
SHA256

64b9a4b36169ffeb39dfac106718fb140c9a992ffc874ed619684b5543ddc988
SHA512

75e909a1a0083ac721529142b357485ad5c6b530ce53fe1a27e67613ba45e732478be729c185385b6b5483ce2725445ff2adc1badf5abfb67865574cd294f7e5
SSDEEP

3072:i3G3tSK/Js/V3j5H6IhdfU4AlVaP5r83H9hMaT:Z9S+JAlH68KlVaP5r83H3Ma

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2612	2724	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2612	2724	37e02df90603a38818fbcc9041228775.exe	29
PID 2724 wrote to memory of 2612	2724	37e02df90603a38818fbcc9041228775.exe	29
PID 2724 wrote to memory of 2612	2724	37e02df90603a38818fbcc9041228775.exe	29
PID 2724 wrote to memory of 2612	2724	37e02df90603a38818fbcc9041228775.exe	29

C:\Users\Admin\AppData\Local\Temp\37e02df90603a38818fbcc9041228775.exe
"C:\Users\Admin\AppData\Local\Temp\37e02df90603a38818fbcc9041228775.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 160
  2⤵
  - Program crash
  PID:2612

memory/2724-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2724-2-0x0000000000220000-0x0000000000250000-memory.dmp

Filesize
192KB

Download
memory/2724-1-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2724-3-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2724-4-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download