225bf600813362af9bb53213be3122b55de37c6ac7c0d013ba1dff38b90f35b9

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 06:12

Target

4fcc82fbd2f615bc45c309bb5f89412b.exe
Size

75KB
MD5

4fcc82fbd2f615bc45c309bb5f89412b
SHA1

9ef5f7c8902e211255891f713e8bfbbdaef0411e
SHA256

225bf600813362af9bb53213be3122b55de37c6ac7c0d013ba1dff38b90f35b9
SHA512

f016f71328ab4c74a20e977802aaa9b511950c68dd3a5e4dd585739c1ea2f2a492444b21651dbe1a487dece86c36e5536d2bb56eab6a8e34416fb563b86da267
SSDEEP

1536:d5YUuCanoHsCHYi8+xST+MziPfAilBAxwtS8gmAuByX+9MM5AtmiWrZP:rYwaYtY8oz4pleCtSCyOp5AADlP

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
112	1416	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 112	1416	4fcc82fbd2f615bc45c309bb5f89412b.exe	14
PID 1416 wrote to memory of 112	1416	4fcc82fbd2f615bc45c309bb5f89412b.exe	14
PID 1416 wrote to memory of 112	1416	4fcc82fbd2f615bc45c309bb5f89412b.exe	14
PID 1416 wrote to memory of 112	1416	4fcc82fbd2f615bc45c309bb5f89412b.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 44
1⤵
- Program crash
PID:112

C:\Users\Admin\AppData\Local\Temp\4fcc82fbd2f615bc45c309bb5f89412b.exe
"C:\Users\Admin\AppData\Local\Temp\4fcc82fbd2f615bc45c309bb5f89412b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1416

memory/1416-0-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download