8f3f3f15ce4672af16d0a4599cc95af6f39881b87a9c7bc7a884cecae4218a91

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 08:19

Target

4aebcaa95b3578599c6e501a9afe3e50.exe
Size

20KB
MD5

4aebcaa95b3578599c6e501a9afe3e50
SHA1

593ba5a0386e43cf259161123f2193fbee94395a
SHA256

8f3f3f15ce4672af16d0a4599cc95af6f39881b87a9c7bc7a884cecae4218a91
SHA512

ce5f01a4f578885a01fdee50d56b92dd944371cea643e067f44e749d74e87c8287ba299932383bd07b841a4a1ad96ee0c8c1da5923b79d2f6942c46063222f1b
SSDEEP

384:Vh2FMkO4fW0vTdMmFlth+S8AIcRj80ulTTuSSQU5y3zgViKS4V:PMMkHWWyqTBIc2hTySSQX0E4V

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2892	1180	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 2892	1180	4aebcaa95b3578599c6e501a9afe3e50.exe	28
PID 1180 wrote to memory of 2892	1180	4aebcaa95b3578599c6e501a9afe3e50.exe	28
PID 1180 wrote to memory of 2892	1180	4aebcaa95b3578599c6e501a9afe3e50.exe	28
PID 1180 wrote to memory of 2892	1180	4aebcaa95b3578599c6e501a9afe3e50.exe	28

C:\Users\Admin\AppData\Local\Temp\4aebcaa95b3578599c6e501a9afe3e50.exe
"C:\Users\Admin\AppData\Local\Temp\4aebcaa95b3578599c6e501a9afe3e50.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 140
  2⤵
  - Program crash
  PID:2892

memory/1180-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1180-1-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download