45dd9e57e6afce0ee235c3ff92e9267526c7a8605458596936fc441026af2602

Analysis

max time kernel
120s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 09:30

Target

3c7fd16de2926d95bb06ab2c87f569ed.exe
Size

90KB
MD5

3c7fd16de2926d95bb06ab2c87f569ed
SHA1

7f673e40db2d5d2688d341c8001244b266bb887c
SHA256

45dd9e57e6afce0ee235c3ff92e9267526c7a8605458596936fc441026af2602
SHA512

e8168a33c0b885ec41daa32c74e47faec7f18cbad14367dd070de171e7a6e1a21c698be35f13aeb091da1f40b6822dc53cd293e47ac6fbc7c280ac67276c0ca7
SSDEEP

1536:ah/pw3DEwl41iBQguyROdU4hxsSZjzdbCiResZcjkfY3cQWlU0AxL3:rTEwS1iBdwU9SpdbxesSkfXSfxr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2780	1752	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2780	1752	3c7fd16de2926d95bb06ab2c87f569ed.exe	28
PID 1752 wrote to memory of 2780	1752	3c7fd16de2926d95bb06ab2c87f569ed.exe	28
PID 1752 wrote to memory of 2780	1752	3c7fd16de2926d95bb06ab2c87f569ed.exe	28
PID 1752 wrote to memory of 2780	1752	3c7fd16de2926d95bb06ab2c87f569ed.exe	28

C:\Users\Admin\AppData\Local\Temp\3c7fd16de2926d95bb06ab2c87f569ed.exe
"C:\Users\Admin\AppData\Local\Temp\3c7fd16de2926d95bb06ab2c87f569ed.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 148
  2⤵
  - Program crash
  PID:2780

memory/1752-0-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download