e381e7451312d4acd27f61f166de99e13aaefef26107bea4e4a6d1a550ff6797

Analysis

max time kernel
156s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 02:15

Target

4484344025a374501766b1704fb5410f.exe
Size

27KB
MD5

4484344025a374501766b1704fb5410f
SHA1

811ca2edd806933bc053b6190a07e1e1d60f683e
SHA256

e381e7451312d4acd27f61f166de99e13aaefef26107bea4e4a6d1a550ff6797
SHA512

0a6ac2e27ec096831f272d2addd18f09773207d0d756b7efd755d40f6a81dd7dc133eecad122cd06174d63d5b328e7aa0d24c4aa28e2a928bde5b82fd6cd3e27
SSDEEP

768:kG2X5kFdyWmaQhKl6cHTOVvbnIMQhC+ccxGWlZbxbha53:ko3yfaOr2yVvFXqd3rS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2900	2660	WerFault.exe	6

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2900	2660	4484344025a374501766b1704fb5410f.exe	27
PID 2660 wrote to memory of 2900	2660	4484344025a374501766b1704fb5410f.exe	27
PID 2660 wrote to memory of 2900	2660	4484344025a374501766b1704fb5410f.exe	27
PID 2660 wrote to memory of 2900	2660	4484344025a374501766b1704fb5410f.exe	27

C:\Users\Admin\AppData\Local\Temp\4484344025a374501766b1704fb5410f.exe
"C:\Users\Admin\AppData\Local\Temp\4484344025a374501766b1704fb5410f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 140
  2⤵
  - Program crash
  PID:2900

memory/2660-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download