c8d9d73396552f376095446ae269fb1a54ed9ec9557bc63966c38f4457d8872e

Analysis

max time kernel
119s
max time network
140s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 07:35

Target

45a63d873cc744992c36c69b1a5940ed.exe
Size

321KB
MD5

45a63d873cc744992c36c69b1a5940ed
SHA1

64e3437f50fd08d3dc05550ca4db25d193fbdefd
SHA256

c8d9d73396552f376095446ae269fb1a54ed9ec9557bc63966c38f4457d8872e
SHA512

d551917bdd814c3fd9e2fdf6814536ca89f2f4b329af371d1b5609c750142e3075162db1784ba3fe09288b1484054a3bbcfaf79c5ac9041cfa45856431310a8d
SSDEEP

6144:OTj1OTEKnsub1upoH7td/tQqG56Prd3Z5NBA3r14lJDNIl:OFOoKnsub6oHprG5+3a7STY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1208	1536	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 1208	1536	45a63d873cc744992c36c69b1a5940ed.exe	28
PID 1536 wrote to memory of 1208	1536	45a63d873cc744992c36c69b1a5940ed.exe	28
PID 1536 wrote to memory of 1208	1536	45a63d873cc744992c36c69b1a5940ed.exe	28
PID 1536 wrote to memory of 1208	1536	45a63d873cc744992c36c69b1a5940ed.exe	28

C:\Users\Admin\AppData\Local\Temp\45a63d873cc744992c36c69b1a5940ed.exe
"C:\Users\Admin\AppData\Local\Temp\45a63d873cc744992c36c69b1a5940ed.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 116
  2⤵
  - Program crash
  PID:1208

memory/1536-0-0x0000000000B20000-0x0000000000B75000-memory.dmp

Filesize
340KB

Download