d53ce827cd3d3dd8565603095ca96bd76b06b356d39b279bc2f90b6efbc45732

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10-01-2024 01:47

Target

4f423536c1d79f994ebf974ebcd8d13d.exe
Size

123KB
MD5

4f423536c1d79f994ebf974ebcd8d13d
SHA1

20c50eb321f3256e1f28f0fe815e781b4e1c8c48
SHA256

d53ce827cd3d3dd8565603095ca96bd76b06b356d39b279bc2f90b6efbc45732
SHA512

c1da7f21016a1a4b0661fb3af97c871c76d37af776050cfc8e236930b9a545c6892084d785cec66eff063004c97fcd02bb052bcb98b39aa213169870336af404
SSDEEP

3072:0Ggu22NZcHOgFrlQJdQg7dqqRszsT1IqMJh61PtuGo2:NgmNeOgFJQJi8d0Koy1X

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1724	2124	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 1724	2124	4f423536c1d79f994ebf974ebcd8d13d.exe	28
PID 2124 wrote to memory of 1724	2124	4f423536c1d79f994ebf974ebcd8d13d.exe	28
PID 2124 wrote to memory of 1724	2124	4f423536c1d79f994ebf974ebcd8d13d.exe	28
PID 2124 wrote to memory of 1724	2124	4f423536c1d79f994ebf974ebcd8d13d.exe	28

C:\Users\Admin\AppData\Local\Temp\4f423536c1d79f994ebf974ebcd8d13d.exe
"C:\Users\Admin\AppData\Local\Temp\4f423536c1d79f994ebf974ebcd8d13d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 36
  2⤵
  - Program crash
  PID:1724

memory/2124-0-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download