48aa63614f7ed154deb0fcae614db4489f4ac89585c78b44092c44ce00f927d2

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 07:10

Target

3c352d83a296be073ab07c955f1c7b54.exe
Size

136KB
MD5

3c352d83a296be073ab07c955f1c7b54
SHA1

b7b9870a2ef345ecfc2f464b27356d27fcdbbe53
SHA256

48aa63614f7ed154deb0fcae614db4489f4ac89585c78b44092c44ce00f927d2
SHA512

4a63cf1ae102172e59ead46fbadc4b9a140ed48a649632eb83fe598e8a1fc98f424ee83fe253d46e34bd800c487f6efcb7714a75787f94cdda987e55601138bb
SSDEEP

3072:unpuH0a6zm1hCn0Annyqs2LXhJuMdmkJsNUTQ9PkpRRnEUWzQUfI2IhowFs:H0a+mW7n5s2bhJudyTaPkpRREAUQ2Iho

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2040	1684	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 2040	1684	3c352d83a296be073ab07c955f1c7b54.exe	16
PID 1684 wrote to memory of 2040	1684	3c352d83a296be073ab07c955f1c7b54.exe	16
PID 1684 wrote to memory of 2040	1684	3c352d83a296be073ab07c955f1c7b54.exe	16
PID 1684 wrote to memory of 2040	1684	3c352d83a296be073ab07c955f1c7b54.exe	16

C:\Users\Admin\AppData\Local\Temp\3c352d83a296be073ab07c955f1c7b54.exe
"C:\Users\Admin\AppData\Local\Temp\3c352d83a296be073ab07c955f1c7b54.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 116
  2⤵
  - Program crash
  PID:2040

memory/1684-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download