f733b72d10d160b0dcfc5639cf954dfbd595b8d9ca7f4e4bb235639bae0c5082

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 06:20

Target

42f8e347af3048b21b5cd24ca1e5a974.exe
Size

8KB
MD5

42f8e347af3048b21b5cd24ca1e5a974
SHA1

965060b3f3f91ee977681bf7cc3206c529122b35
SHA256

f733b72d10d160b0dcfc5639cf954dfbd595b8d9ca7f4e4bb235639bae0c5082
SHA512

bd7a42cedc1b916549e223b49f5d179fbf28b4c04bfc90e8af09b1fa87d6aaeab739661cb18a95c171bbd02bc7fc674b91683b9287a930f3e774d75c8f1d8e9f
SSDEEP

24:OEhu70k1miZw4AUHqCC0vfQLLi5FyGq3MX81+dZ1FRdJdcBwAtAwJMLEZGABoUFM:OEP+mEofCmLyn5X8U5rXGBVBoO8cO

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3048	3036	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 3048	3036	42f8e347af3048b21b5cd24ca1e5a974.exe	28
PID 3036 wrote to memory of 3048	3036	42f8e347af3048b21b5cd24ca1e5a974.exe	28
PID 3036 wrote to memory of 3048	3036	42f8e347af3048b21b5cd24ca1e5a974.exe	28
PID 3036 wrote to memory of 3048	3036	42f8e347af3048b21b5cd24ca1e5a974.exe	28

C:\Users\Admin\AppData\Local\Temp\42f8e347af3048b21b5cd24ca1e5a974.exe
"C:\Users\Admin\AppData\Local\Temp\42f8e347af3048b21b5cd24ca1e5a974.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 88
  2⤵
  - Program crash
  PID:3048

memory/3036-0-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download