3e7c493cc1be7a304bb341c49eeb66d10f3a1a62e31fceb098bf80d8b8e6e080

Analysis

max time kernel
195s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10-01-2024 04:21

Target

4f9123159da69d1f04fe7d176e02ed0c.exe
Size

23KB
MD5

4f9123159da69d1f04fe7d176e02ed0c
SHA1

b3d7b919a586938241f31a8b06ad8ec911081de2
SHA256

3e7c493cc1be7a304bb341c49eeb66d10f3a1a62e31fceb098bf80d8b8e6e080
SHA512

7f124bb44c87164c8b9413798ed9825ac576e462927b2090b04cd2ac3a0524c1f71320a61d7dec2c20dd223dd0a4d23f24f74c7b5db436d31e1170aad079303c
SSDEEP

384:rE6wtKQrmtUtsJATklnnEOP5pkXLzrpYc1n2uqsjc3Ah+Dx95JWJlxl9Z9FRC:rE6ZQKtUyJTnEw4XrpYun2uGU+l9cl5K

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2664	2648	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2664	2648	4f9123159da69d1f04fe7d176e02ed0c.exe	29
PID 2648 wrote to memory of 2664	2648	4f9123159da69d1f04fe7d176e02ed0c.exe	29
PID 2648 wrote to memory of 2664	2648	4f9123159da69d1f04fe7d176e02ed0c.exe	29
PID 2648 wrote to memory of 2664	2648	4f9123159da69d1f04fe7d176e02ed0c.exe	29

C:\Users\Admin\AppData\Local\Temp\4f9123159da69d1f04fe7d176e02ed0c.exe
"C:\Users\Admin\AppData\Local\Temp\4f9123159da69d1f04fe7d176e02ed0c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 36
  2⤵
  - Program crash
  PID:2664

memory/2648-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2648-1-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download