f4c156ebdb2fd9e7e2d1355bb2170d6ec66cef3b48c8febcb26e34b380877d64

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 05:37

Target

4fba200743cfb538faee159fd4a72fd4.exe
Size

103KB
MD5

4fba200743cfb538faee159fd4a72fd4
SHA1

2307cb3d40697d4ed2dc57715d4ee5120b5706a1
SHA256

f4c156ebdb2fd9e7e2d1355bb2170d6ec66cef3b48c8febcb26e34b380877d64
SHA512

2f3838313665bfe16e782ac4d5dba9be2baf6a76f7dd57be6dac98ba2dbf92e1f4760279580f1fd7baec03c998b872ad874f5c7ba98d446d4a10a673864fc365
SSDEEP

1536:bCANdzV4swxbelg8aKoQo2RSvEm4YpKENa1doUGX6PupZKfN4D:GUdpy/eowQ8mPn6+UGXSujKSD

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
1752	1716	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 1752	1716	4fba200743cfb538faee159fd4a72fd4.exe	15
PID 1716 wrote to memory of 1752	1716	4fba200743cfb538faee159fd4a72fd4.exe	15
PID 1716 wrote to memory of 1752	1716	4fba200743cfb538faee159fd4a72fd4.exe	15
PID 1716 wrote to memory of 1752	1716	4fba200743cfb538faee159fd4a72fd4.exe	15

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 36
1⤵
- Program crash
PID:1752

C:\Users\Admin\AppData\Local\Temp\4fba200743cfb538faee159fd4a72fd4.exe
"C:\Users\Admin\AppData\Local\Temp\4fba200743cfb538faee159fd4a72fd4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1716

memory/1716-0-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download