10279d39131f578f70dec583a153154bda10ab1fbb3a2a6a2031822a5c890b1d

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 01:30

Target

522c809792dee1e14e52a5aa2c3de093.exe
Size

24KB
MD5

522c809792dee1e14e52a5aa2c3de093
SHA1

ffcc05889846eea9cbe09108cb39a95e4db52dd9
SHA256

10279d39131f578f70dec583a153154bda10ab1fbb3a2a6a2031822a5c890b1d
SHA512

3f2c9d4aba3dd777cc434b20568306b5fb4c1f8857bb48ab70984c3d237bdfea4835dfa4cc74edf714d0116d3fcf6241dd19bc744052b596f95fd8b3406e9644
SSDEEP

384:KBld9/Li7E2hboOp99mmyIL80vmjL87Aa0hU4L9YNO5yNqkPL+DkEXeX:KBj9Gw2eOpBFL8UmjL87z0hlZOqka3XY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
1628	2312	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 1628	2312	522c809792dee1e14e52a5aa2c3de093.exe	14
PID 2312 wrote to memory of 1628	2312	522c809792dee1e14e52a5aa2c3de093.exe	14
PID 2312 wrote to memory of 1628	2312	522c809792dee1e14e52a5aa2c3de093.exe	14
PID 2312 wrote to memory of 1628	2312	522c809792dee1e14e52a5aa2c3de093.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 116
1⤵
- Program crash
PID:1628

C:\Users\Admin\AppData\Local\Temp\522c809792dee1e14e52a5aa2c3de093.exe
"C:\Users\Admin\AppData\Local\Temp\522c809792dee1e14e52a5aa2c3de093.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2312

memory/2312-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2312-1-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download