f36d410fb84002376b3fd62a8c6bebda0a91857a10d568d383a3bbe3feac452d

Analysis

max time kernel
146s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 08:40

Target

501a9607c1cce7f17e78e9efbd881b84.exe
Size

21KB
MD5

501a9607c1cce7f17e78e9efbd881b84
SHA1

3e2825d3bef55bf64b789f80529ec9a865ff247f
SHA256

f36d410fb84002376b3fd62a8c6bebda0a91857a10d568d383a3bbe3feac452d
SHA512

34f1b91a71bce181797ab0378444cec24ebe685ef66c1f5a63b5fa2b6afb255b5fd0fc5fe5efcb8d0cbcb2d75e5392d4cefe997b519e899c10eddcecc31de6d7
SSDEEP

384:zqvrgvOIUu5CBnIJVDCkVO4O/spNa4kOn5h8h9lrlUm0aNUawxYM5iWMZ:zqvrHTPB0dzFOELa4kI5hexljXN25IZ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3020	2340	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 3020	2340	501a9607c1cce7f17e78e9efbd881b84.exe	28
PID 2340 wrote to memory of 3020	2340	501a9607c1cce7f17e78e9efbd881b84.exe	28
PID 2340 wrote to memory of 3020	2340	501a9607c1cce7f17e78e9efbd881b84.exe	28
PID 2340 wrote to memory of 3020	2340	501a9607c1cce7f17e78e9efbd881b84.exe	28

C:\Users\Admin\AppData\Local\Temp\501a9607c1cce7f17e78e9efbd881b84.exe
"C:\Users\Admin\AppData\Local\Temp\501a9607c1cce7f17e78e9efbd881b84.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 152
  2⤵
  - Program crash
  PID:3020

memory/2340-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2340-1-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download