110f068f66cf8cd9b5164c0977fcc86c8d0b13fe0d4ca8a02d9c37b66f9ed3a4

Analysis

max time kernel
33s
max time network
31s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 08:35

Target

4882fd09f5b320086a2c40302f068bde.exe
Size

368KB
MD5

4882fd09f5b320086a2c40302f068bde
SHA1

056d9182929d70d8c3566e55b74182363a141b4b
SHA256

110f068f66cf8cd9b5164c0977fcc86c8d0b13fe0d4ca8a02d9c37b66f9ed3a4
SHA512

c9e04c1c28b2afbc053098f7389b6d7212d505a2a15e7383b6b2a12bff51d4ea8f07d41ed769d2831762371a49af545fcf2fa1ac0fecc5e4449425ed054bae47
SSDEEP

6144:RTAp4naqm5GR/0N4Ftn6vicI8qtQQenKDFujBeqSDgzB8jk3Ob:R041m5Q/0N4L9xYus1NSD2Cg3Ob

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2884	1916	WerFault.exe	20

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 2884	1916	4882fd09f5b320086a2c40302f068bde.exe	29
PID 1916 wrote to memory of 2884	1916	4882fd09f5b320086a2c40302f068bde.exe	29
PID 1916 wrote to memory of 2884	1916	4882fd09f5b320086a2c40302f068bde.exe	29
PID 1916 wrote to memory of 2884	1916	4882fd09f5b320086a2c40302f068bde.exe	29

C:\Users\Admin\AppData\Local\Temp\4882fd09f5b320086a2c40302f068bde.exe
"C:\Users\Admin\AppData\Local\Temp\4882fd09f5b320086a2c40302f068bde.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 116
  2⤵
  - Program crash
  PID:2884

memory/1916-0-0x0000000000FD0000-0x0000000001030000-memory.dmp

Filesize
384KB

Download