3e09c0f9f3276680a1b2a60597068d2c89e4b725198217cf3cde0e86100fdc3e

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 10:30

Target

48bbda62acef3799f1ad12ea1d73cf5a.exe
Size

360KB
MD5

48bbda62acef3799f1ad12ea1d73cf5a
SHA1

6c748301c6e7949fa658812c0ba41e38bc3f08ba
SHA256

3e09c0f9f3276680a1b2a60597068d2c89e4b725198217cf3cde0e86100fdc3e
SHA512

530ff7ab9e311f3059c2f06c757eb7f1ca39d9b8f339e2dc499d7dd71fa723f88f1dcd377b2be3b8b438bf2784bad4f5d9420ffef1395523ebf375dd899d93dd
SSDEEP

6144:DP5gHVwA0KEalo8OvQIe5bEDY5Eev/H+bMLiX6z7LnvcrAMTnhPrtRF:bOHVw3slo8O4IS12MGXUnvPMTnhPrtb

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2116	1456	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 2116	1456	48bbda62acef3799f1ad12ea1d73cf5a.exe	28
PID 1456 wrote to memory of 2116	1456	48bbda62acef3799f1ad12ea1d73cf5a.exe	28
PID 1456 wrote to memory of 2116	1456	48bbda62acef3799f1ad12ea1d73cf5a.exe	28
PID 1456 wrote to memory of 2116	1456	48bbda62acef3799f1ad12ea1d73cf5a.exe	28

C:\Users\Admin\AppData\Local\Temp\48bbda62acef3799f1ad12ea1d73cf5a.exe
"C:\Users\Admin\AppData\Local\Temp\48bbda62acef3799f1ad12ea1d73cf5a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 36
  2⤵
  - Program crash
  PID:2116

memory/1456-0-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download