4fcf0646115caf99906d408db509176f08112ac4147c752a3680d9fe38a81047

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 15:18

Target

3d31495fde06ef863b6329e10c7e2b36.exe
Size

2.0MB
MD5

3d31495fde06ef863b6329e10c7e2b36
SHA1

009c7a5613cf1a40d8d66125fb3f8bc5d4d7421d
SHA256

4fcf0646115caf99906d408db509176f08112ac4147c752a3680d9fe38a81047
SHA512

4ded24c11c0e2fa8464462e0f1c1bffcccae2714a0c336cf659fc0c0720605ca5519fbc3328625f2c54379672c266b6fdbeff77e6e71499690e32d10976eecbc
SSDEEP

49152:cuDF9L7lS4IEj/FZh9zz3yYh3Y2F1sxjOLkp4deFPY8/S:cuH77LFZh4YFY2j4Owp4kFg8q

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2204	688	WerFault.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 688 wrote to memory of 2204	688	3d31495fde06ef863b6329e10c7e2b36.exe	16
PID 688 wrote to memory of 2204	688	3d31495fde06ef863b6329e10c7e2b36.exe	16
PID 688 wrote to memory of 2204	688	3d31495fde06ef863b6329e10c7e2b36.exe	16
PID 688 wrote to memory of 2204	688	3d31495fde06ef863b6329e10c7e2b36.exe	16
PID 688 wrote to memory of 2204	688	3d31495fde06ef863b6329e10c7e2b36.exe	16
PID 688 wrote to memory of 2204	688	3d31495fde06ef863b6329e10c7e2b36.exe	16
PID 688 wrote to memory of 2204	688	3d31495fde06ef863b6329e10c7e2b36.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 224
1⤵
- Program crash
PID:2204

C:\Users\Admin\AppData\Local\Temp\3d31495fde06ef863b6329e10c7e2b36.exe
"C:\Users\Admin\AppData\Local\Temp\3d31495fde06ef863b6329e10c7e2b36.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:688

memory/688-0-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download