ac3ff0a26d88d92e9c9f1900f971384a16a9e2d4be6a0ff2f06f344ed797df21

Analysis

max time kernel
161s
max time network
24s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 01:58

Target

47baf125f9ba2416b00ecc8203d5e23b.exe
Size

132KB
MD5

47baf125f9ba2416b00ecc8203d5e23b
SHA1

6d687fea8020ab750389b7c5941001ff8829a851
SHA256

ac3ff0a26d88d92e9c9f1900f971384a16a9e2d4be6a0ff2f06f344ed797df21
SHA512

dc3a62280caf6402c8a0057903f3a85f99ef73b1383ba6bda6f922bb63f286a5c5755b629f8dce68cc8229f36c32041a5dc17e6539eeec24112d6d04bc544253
SSDEEP

3072:xjpruPTy11emJWE1AoADnBFT2a4DjSYRTUMc7NI4KkW0Sb:xjNuPT4eTE18DfcD7Vc24KQSb

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2692	2688	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 2692	2688	47baf125f9ba2416b00ecc8203d5e23b.exe	29
PID 2688 wrote to memory of 2692	2688	47baf125f9ba2416b00ecc8203d5e23b.exe	29
PID 2688 wrote to memory of 2692	2688	47baf125f9ba2416b00ecc8203d5e23b.exe	29
PID 2688 wrote to memory of 2692	2688	47baf125f9ba2416b00ecc8203d5e23b.exe	29

C:\Users\Admin\AppData\Local\Temp\47baf125f9ba2416b00ecc8203d5e23b.exe
"C:\Users\Admin\AppData\Local\Temp\47baf125f9ba2416b00ecc8203d5e23b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 36
  2⤵
  - Program crash
  PID:2692

memory/2688-0-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download