9d6fa82eed1d857ea6db86dc807564c1fe9826bb0fd2a23f90a300575accc091

Analysis

max time kernel
141s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 14:19

Target

4116498a6df96260898c906b8bd7ebf2.exe
Size

22KB
MD5

4116498a6df96260898c906b8bd7ebf2
SHA1

eefb3fb12e59c46921f32a50ada516e87a0385ad
SHA256

9d6fa82eed1d857ea6db86dc807564c1fe9826bb0fd2a23f90a300575accc091
SHA512

76c132d4584954416b7ec570c7f6f70d52182629199d697521bb7b9072e7afac9eb1e4af55be3ce268c5a9494942602462035903cc53bffa7f26150eb6204712
SSDEEP

384:o4uTGgdaPRkW7dSTqNCGYq8lH3dDejywnhX/IPlFlZNQ6MuJawxYM5nADphTFh:o4uAzgyCGEl5eesBgPbBQK5ADrTb

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1208	2356	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 1208	2356	4116498a6df96260898c906b8bd7ebf2.exe	28
PID 2356 wrote to memory of 1208	2356	4116498a6df96260898c906b8bd7ebf2.exe	28
PID 2356 wrote to memory of 1208	2356	4116498a6df96260898c906b8bd7ebf2.exe	28
PID 2356 wrote to memory of 1208	2356	4116498a6df96260898c906b8bd7ebf2.exe	28

C:\Users\Admin\AppData\Local\Temp\4116498a6df96260898c906b8bd7ebf2.exe
"C:\Users\Admin\AppData\Local\Temp\4116498a6df96260898c906b8bd7ebf2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 156
  2⤵
  - Program crash
  PID:1208

memory/2356-0-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2356-1-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download