22a4bd6519576f9f8467b0a58e53c9d7c9adfad03460b8ea9447af5863ab6182

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 23:27

Target

3e24dddcb02a6282fda1ebfefd786ed4.exe
Size

226KB
MD5

3e24dddcb02a6282fda1ebfefd786ed4
SHA1

08cd15f22d0579686deafd72aa94e42cecc4dc85
SHA256

22a4bd6519576f9f8467b0a58e53c9d7c9adfad03460b8ea9447af5863ab6182
SHA512

4060969bc554a3bff00feaa14840cc5326784070550f9f6dad02161061ce2e64f3e33308414e2f70cfc4fd1592f2eabc4966d18725f871f2dc0a13e1aca4c858
SSDEEP

6144:6H8U95EB1TbvxLfiruMyVo7CCfy/bfsZv420bgs7H:m8U9SB1TbvxLKJGWLTwZgs7H

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2876	1388	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 2876	1388	3e24dddcb02a6282fda1ebfefd786ed4.exe	14
PID 1388 wrote to memory of 2876	1388	3e24dddcb02a6282fda1ebfefd786ed4.exe	14
PID 1388 wrote to memory of 2876	1388	3e24dddcb02a6282fda1ebfefd786ed4.exe	14
PID 1388 wrote to memory of 2876	1388	3e24dddcb02a6282fda1ebfefd786ed4.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 100
1⤵
- Program crash
PID:2876

C:\Users\Admin\AppData\Local\Temp\3e24dddcb02a6282fda1ebfefd786ed4.exe
"C:\Users\Admin\AppData\Local\Temp\3e24dddcb02a6282fda1ebfefd786ed4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1388

memory/1388-0-0x0000000001100000-0x0000000001111000-memory.dmp

Filesize
68KB

Download