fd85179643f5105c53ed862265e1fb31a275dd424816f5b63887128f28a9ba13

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
03-01-2024 23:25

Target

fd85179643f5105c53ed862265e1fb31a275dd424816f5b63887128f28a9ba13.exe
Size

5KB
MD5

6f644c491a502e2102083b201d51a57d
SHA1

f79aef045449a4a41116ccb9d7b4bdbb8c0d7f66
SHA256

fd85179643f5105c53ed862265e1fb31a275dd424816f5b63887128f28a9ba13
SHA512

78703874d735c2940c2fea7468229c9ec95e54d6deb915c850575a783dd05ed0beff5ade0562ad4832a5be155e9eacd9d61f1f8018468ae8d03924278ef84337
SSDEEP

48:SGlXWFPpT+dXVfzZh4yMGcKzMEkTaak4PAZivO2pB42pBdvMZL2R7tsRuqSxp:/WLkFfNnOKYloIQ2pm2pbYSIxE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2936	1244	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 2936	1244	fd85179643f5105c53ed862265e1fb31a275dd424816f5b63887128f28a9ba13.exe	13
PID 1244 wrote to memory of 2936	1244	fd85179643f5105c53ed862265e1fb31a275dd424816f5b63887128f28a9ba13.exe	13
PID 1244 wrote to memory of 2936	1244	fd85179643f5105c53ed862265e1fb31a275dd424816f5b63887128f28a9ba13.exe	13
PID 1244 wrote to memory of 2936	1244	fd85179643f5105c53ed862265e1fb31a275dd424816f5b63887128f28a9ba13.exe	13

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 48
1⤵
- Program crash
PID:2936

C:\Users\Admin\AppData\Local\Temp\fd85179643f5105c53ed862265e1fb31a275dd424816f5b63887128f28a9ba13.exe
"C:\Users\Admin\AppData\Local\Temp\fd85179643f5105c53ed862265e1fb31a275dd424816f5b63887128f28a9ba13.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1244