410d6885547647fe44acf27fd1384efe68f2636b751d6c744e3fa6f1ff43159e

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 06:21

Target

484010b8384bdef82a7cc72c17fb06e1.exe
Size

41KB
MD5

484010b8384bdef82a7cc72c17fb06e1
SHA1

5820bbbbdeecedc3fa8c62c7e8f0ceccfc21412d
SHA256

410d6885547647fe44acf27fd1384efe68f2636b751d6c744e3fa6f1ff43159e
SHA512

5644f981c396ac8cc44c8779e03e089de6416682971ff8478a18804192ed6d267eae0e437f0404b648f61247fc01b309ff1d260223a60668f2ad452e1992e657
SSDEEP

768:aYr79Fjp9wOrrKIX2UulG0vOnA28j5Sftvh2KatLdCnBa3x+klOvz:aYvplfbUlG06ftEQnBaB+kgv

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1968	2088	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 1968	2088	484010b8384bdef82a7cc72c17fb06e1.exe	28
PID 2088 wrote to memory of 1968	2088	484010b8384bdef82a7cc72c17fb06e1.exe	28
PID 2088 wrote to memory of 1968	2088	484010b8384bdef82a7cc72c17fb06e1.exe	28
PID 2088 wrote to memory of 1968	2088	484010b8384bdef82a7cc72c17fb06e1.exe	28

C:\Users\Admin\AppData\Local\Temp\484010b8384bdef82a7cc72c17fb06e1.exe
"C:\Users\Admin\AppData\Local\Temp\484010b8384bdef82a7cc72c17fb06e1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 88
  2⤵
  - Program crash
  PID:1968

memory/2088-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download