e13eaa51bc49390ec5915e4941a9b4a2491970255ecbb172a644f59e959b8825

Analysis

max time kernel
122s
max time network
150s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 11:49

Target

3cc6fad152f8d40a6158c0b17c0cdaec.exe
Size

107KB
MD5

3cc6fad152f8d40a6158c0b17c0cdaec
SHA1

91d7aded3964513647446e362795eba44f5cbb45
SHA256

e13eaa51bc49390ec5915e4941a9b4a2491970255ecbb172a644f59e959b8825
SHA512

a8ee05db9a682a599432afcbcb205c0a4dedbe7f0749bcc3f89a1d1c2c2c3bc17f10a57113e2d2650ee32c54a3d8adac10467f980d8becf94784dee1619f663b
SSDEEP

3072:UMbcfR9PAizUsWWINBr0sqnQIqGJhqiTFZwX1GEiEK6x:wfR9PAEWNBruvEiTsXWEV

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2292	3016	WerFault.exe	7

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2292	3016	3cc6fad152f8d40a6158c0b17c0cdaec.exe	16
PID 3016 wrote to memory of 2292	3016	3cc6fad152f8d40a6158c0b17c0cdaec.exe	16
PID 3016 wrote to memory of 2292	3016	3cc6fad152f8d40a6158c0b17c0cdaec.exe	16
PID 3016 wrote to memory of 2292	3016	3cc6fad152f8d40a6158c0b17c0cdaec.exe	16

C:\Users\Admin\AppData\Local\Temp\3cc6fad152f8d40a6158c0b17c0cdaec.exe
"C:\Users\Admin\AppData\Local\Temp\3cc6fad152f8d40a6158c0b17c0cdaec.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 36
  2⤵
  - Program crash
  PID:2292

memory/3016-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3016-1-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download