46f5c680eafb00a1ccce4f1e2c92d62fe833feb73fe25adc51cb0b8fc121e129

Analysis

max time kernel
118s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 09:34

Target

4081e6a4f1da17d09231f124428bee10.exe
Size

87KB
MD5

4081e6a4f1da17d09231f124428bee10
SHA1

2dfe391211be7c2b86640795955969bb759e4ad4
SHA256

46f5c680eafb00a1ccce4f1e2c92d62fe833feb73fe25adc51cb0b8fc121e129
SHA512

750c4805615aff601318e88e77e047e43d621c9d4bfe2c0446164fd78bfa084b854596fd76c10cb2effecf77a4d070299554d4a7a4c366cf1e0210ac8db9bcc7
SSDEEP

1536:dfiii1yEb2jwUJFmhnKBxTaPETB8ZXLP45rO0ZOWpjVrs2ryrd1vUQuq5Eer/:Oyw/UJFmYxOcTBwr4bZDHs2qj7/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2692	2580	WerFault.exe	24

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 2692	2580	4081e6a4f1da17d09231f124428bee10.exe	30
PID 2580 wrote to memory of 2692	2580	4081e6a4f1da17d09231f124428bee10.exe	30
PID 2580 wrote to memory of 2692	2580	4081e6a4f1da17d09231f124428bee10.exe	30
PID 2580 wrote to memory of 2692	2580	4081e6a4f1da17d09231f124428bee10.exe	30

C:\Users\Admin\AppData\Local\Temp\4081e6a4f1da17d09231f124428bee10.exe
"C:\Users\Admin\AppData\Local\Temp\4081e6a4f1da17d09231f124428bee10.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 36
  2⤵
  - Program crash
  PID:2692

memory/2580-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download