baabe43ae8f9b5715b6a9e5b745c5b3c14c21786027cc6a94df92ffabef16134

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 09:20

Target

4def949934e7c902acab99fde103b716.exe
Size

220KB
MD5

4def949934e7c902acab99fde103b716
SHA1

d3b9ff298b008dee994efeb5cbb3865a514e77b3
SHA256

baabe43ae8f9b5715b6a9e5b745c5b3c14c21786027cc6a94df92ffabef16134
SHA512

93cc3fcd498f4a348963b9742903ee03e67531d5691dfad9af31dca69484c5413405e7d9640ffdc73b0b48140cff2230047fb0e6b5c5980f2ee8c72924d0bf85
SSDEEP

384:sAWByYKKRJmfZ490acASePodP0w4fNgG6zLvHQJdkBPFDemj9/f8Cok2gHLmyMof:BasYKfWgGSwurth2grpMos0n

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2860	2084	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2860	2084	4def949934e7c902acab99fde103b716.exe	28
PID 2084 wrote to memory of 2860	2084	4def949934e7c902acab99fde103b716.exe	28
PID 2084 wrote to memory of 2860	2084	4def949934e7c902acab99fde103b716.exe	28
PID 2084 wrote to memory of 2860	2084	4def949934e7c902acab99fde103b716.exe	28

C:\Users\Admin\AppData\Local\Temp\4def949934e7c902acab99fde103b716.exe
"C:\Users\Admin\AppData\Local\Temp\4def949934e7c902acab99fde103b716.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 148
  2⤵
  - Program crash
  PID:2860

memory/2084-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download