06ec1c3e21d78469e7fba79cd770903985ba790094eef33d9df453332b59bf14

Analysis

max time kernel
141s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 21:31

Target

54a1e4121d14c41cad682eeb853264e1.exe
Size

23KB
MD5

54a1e4121d14c41cad682eeb853264e1
SHA1

b2d13d6ff3ce13f5a4bb3c1d315c572f658de8d5
SHA256

06ec1c3e21d78469e7fba79cd770903985ba790094eef33d9df453332b59bf14
SHA512

bf2caa661fc32f0af105fd4ecc20588c8cbfad0fee57c5324d867c0ec3b5047d4d87921f939f8e024fc9051c7352c9f1d984f7f28bd4b55044479a495756abfc
SSDEEP

384:VznmEbEHR1mKjyzkEkgBxBcxKBjR7F3IJf4UclzRvlxHZhMKTlO/FryBtAYa:daHREKtEZcxQQulFvlxHZhD4drGtAr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2508	2164	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2508	2164	54a1e4121d14c41cad682eeb853264e1.exe	28
PID 2164 wrote to memory of 2508	2164	54a1e4121d14c41cad682eeb853264e1.exe	28
PID 2164 wrote to memory of 2508	2164	54a1e4121d14c41cad682eeb853264e1.exe	28
PID 2164 wrote to memory of 2508	2164	54a1e4121d14c41cad682eeb853264e1.exe	28

C:\Users\Admin\AppData\Local\Temp\54a1e4121d14c41cad682eeb853264e1.exe
"C:\Users\Admin\AppData\Local\Temp\54a1e4121d14c41cad682eeb853264e1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 136
  2⤵
  - Program crash
  PID:2508

memory/2164-0-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2164-1-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download