9b258e7dc6a900ea8715444dcb1b93fddda133aa0d711608bab15b8abfdd4708

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 05:05

Target

481ae4113108b8d7b46ad2cc22896d2e.exe
Size

367KB
MD5

481ae4113108b8d7b46ad2cc22896d2e
SHA1

183a71556bfeee437ba37fbb73d541ce1cd831fc
SHA256

9b258e7dc6a900ea8715444dcb1b93fddda133aa0d711608bab15b8abfdd4708
SHA512

cb555f0b7be4203c8a25b63fae20917c19cc86cee60eb79d210dbc8a5ad70dd9a48d1c6267806ea9e0690c4d3d652b2133599c56558f2e3719a27dce5edf7aec
SSDEEP

6144:rpEcAd/Mm5ZkyUneRTnJOmQ4W4/6zA5K0TzJRCp4xRvKUllD/W13+H:rTAOm5eyUnJmCzAXTzJR3RvK6lCwH

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2668	3016	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2668	3016	481ae4113108b8d7b46ad2cc22896d2e.exe	16
PID 3016 wrote to memory of 2668	3016	481ae4113108b8d7b46ad2cc22896d2e.exe	16
PID 3016 wrote to memory of 2668	3016	481ae4113108b8d7b46ad2cc22896d2e.exe	16
PID 3016 wrote to memory of 2668	3016	481ae4113108b8d7b46ad2cc22896d2e.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 116
1⤵
- Program crash
PID:2668

C:\Users\Admin\AppData\Local\Temp\481ae4113108b8d7b46ad2cc22896d2e.exe
"C:\Users\Admin\AppData\Local\Temp\481ae4113108b8d7b46ad2cc22896d2e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3016

memory/3016-0-0x0000000000D70000-0x0000000000DD0000-memory.dmp

Filesize
384KB

Download