12f3f67efd6c67f926a4ca63145273d0bc225fdb6ae3d40c9cfc8fd0188aa19a

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 09:38

Target

1c304532e398a9797732faaec58caef5.exe
Size

718KB
MD5

1c304532e398a9797732faaec58caef5
SHA1

0f540cf2cb6117648a67aa22e8bb54216bfd3b10
SHA256

12f3f67efd6c67f926a4ca63145273d0bc225fdb6ae3d40c9cfc8fd0188aa19a
SHA512

8a2ac28982e8fdc4e5389ffe0f22b18c325089490c07ad1548ebdf52141f5ba7f52b88ba89d44119af3a89906c21efef8db4662fb5400e7b4ca35330e668365f
SSDEEP

12288:/GGOenNYnNWz/2xqs7JpGHgTY9/2gtsf3Aop5WdeQUcD0/YN6:/G6n+n++MsJsATY9lti3/DceQ90/N

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2224	2532	WerFault.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2224	2532	1c304532e398a9797732faaec58caef5.exe	14
PID 2532 wrote to memory of 2224	2532	1c304532e398a9797732faaec58caef5.exe	14
PID 2532 wrote to memory of 2224	2532	1c304532e398a9797732faaec58caef5.exe	14
PID 2532 wrote to memory of 2224	2532	1c304532e398a9797732faaec58caef5.exe	14
PID 2532 wrote to memory of 2224	2532	1c304532e398a9797732faaec58caef5.exe	14
PID 2532 wrote to memory of 2224	2532	1c304532e398a9797732faaec58caef5.exe	14
PID 2532 wrote to memory of 2224	2532	1c304532e398a9797732faaec58caef5.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 252
1⤵
- Program crash
PID:2224

C:\Users\Admin\AppData\Local\Temp\1c304532e398a9797732faaec58caef5.exe
"C:\Users\Admin\AppData\Local\Temp\1c304532e398a9797732faaec58caef5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2532

memory/2532-1-0x0000000000230000-0x0000000000254000-memory.dmp

Filesize
144KB

Download
memory/2532-3-0x0000000000230000-0x0000000000254000-memory.dmp

Filesize
144KB

Download
memory/2532-2-0x0000000000230000-0x0000000000254000-memory.dmp

Filesize
144KB

Download
memory/2532-0-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download