03eb3bb6335bea461cb8d014eb96fc414ed47474eddb5a7f9cc09ca0913defe8

Analysis

max time kernel
118s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-01-2024 17:09

Target

416eff3899b92345252590e81860a42a.exe
Size

111KB
MD5

416eff3899b92345252590e81860a42a
SHA1

0b1cee1c1314e15860dbb0188ee5d6805528942d
SHA256

03eb3bb6335bea461cb8d014eb96fc414ed47474eddb5a7f9cc09ca0913defe8
SHA512

ba2e07c560898d32107abfe1ee7c8d4ddecf1fd265a65ac52ed8e9bac0d095e515c1593296c18a99683f69c5bf62d8b32330f62b0b87380676a1744b382fecee
SSDEEP

1536:gbp/WOaa9HNnj8T3vyL9eeo9QwveeMEZ3tNVvrVIFeQHe8ongLmcsHmzBTXSJQIc:gEOaa5Bj8789sm4N6ewLdzBVIG/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3040	2984	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 3040	2984	416eff3899b92345252590e81860a42a.exe	28
PID 2984 wrote to memory of 3040	2984	416eff3899b92345252590e81860a42a.exe	28
PID 2984 wrote to memory of 3040	2984	416eff3899b92345252590e81860a42a.exe	28
PID 2984 wrote to memory of 3040	2984	416eff3899b92345252590e81860a42a.exe	28

C:\Users\Admin\AppData\Local\Temp\416eff3899b92345252590e81860a42a.exe
"C:\Users\Admin\AppData\Local\Temp\416eff3899b92345252590e81860a42a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 36
  2⤵
  - Program crash
  PID:3040

memory/2984-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2984-1-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download