fe12e30bc8b46ea7feb2ff77dee2bf9dee6b4410a81404edfb916fc6b70d6d08

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 13:30

Target

38188c678e10ee14fa72ee5db2e42570.exe
Size

886KB
MD5

38188c678e10ee14fa72ee5db2e42570
SHA1

d102d81564c5db282158702b50e06d7488978d19
SHA256

fe12e30bc8b46ea7feb2ff77dee2bf9dee6b4410a81404edfb916fc6b70d6d08
SHA512

8777c25f37df29faeebc39b7352ed11259067aec7dba3eeaab71de57a55aef796273cec7b94df79abf3c811cba85451ad1bd7d4956245bebd12a7cc5d60f71e8
SSDEEP

12288:F4lsXvtCcmVVXzzn4PJAahPl/QEdIMiVbHydETJnJWkYMecW:F4lavt0LkLL9IMixoEFNYqW

Score

5^/10

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2476-0-0x0000000000900000-0x00000000009E4000-memory.dmp	autoit_exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1752	2476	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 1752	2476	38188c678e10ee14fa72ee5db2e42570.exe	16
PID 2476 wrote to memory of 1752	2476	38188c678e10ee14fa72ee5db2e42570.exe	16
PID 2476 wrote to memory of 1752	2476	38188c678e10ee14fa72ee5db2e42570.exe	16
PID 2476 wrote to memory of 1752	2476	38188c678e10ee14fa72ee5db2e42570.exe	16

C:\Users\Admin\AppData\Local\Temp\38188c678e10ee14fa72ee5db2e42570.exe
"C:\Users\Admin\AppData\Local\Temp\38188c678e10ee14fa72ee5db2e42570.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
  2⤵
  - Program crash
  PID:1752

memory/2476-0-0x0000000000900000-0x00000000009E4000-memory.dmp

Filesize
912KB

Download