538bc513a06e6d009e0e484bbb60e4ab63818ddbed131cfde21749836a15572d

Analysis

max time kernel
122s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11-01-2024 16:44

Target

540cc929a5ede48f33b8658fa9ae6816.exe
Size

28KB
MD5

540cc929a5ede48f33b8658fa9ae6816
SHA1

ae907cde85d4f32f15ae028d5116cf94c57c56db
SHA256

538bc513a06e6d009e0e484bbb60e4ab63818ddbed131cfde21749836a15572d
SHA512

3b5fd71556f073af54dc60a13fe18087b49b381a39b43a4c0d6c60c01febbe591e826931929bffe686177d91f8527f738c577985e40071b1fda7059351f3f0f9
SSDEEP

768:p9RqK5L0hagv8f/Pm27MIaoXhXHetBt7ge3hfKi36D:rRPgRKGHIdXhX+t37geRSB

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1884	2284	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 1884	2284	540cc929a5ede48f33b8658fa9ae6816.exe	27
PID 2284 wrote to memory of 1884	2284	540cc929a5ede48f33b8658fa9ae6816.exe	27
PID 2284 wrote to memory of 1884	2284	540cc929a5ede48f33b8658fa9ae6816.exe	27
PID 2284 wrote to memory of 1884	2284	540cc929a5ede48f33b8658fa9ae6816.exe	27

C:\Users\Admin\AppData\Local\Temp\540cc929a5ede48f33b8658fa9ae6816.exe
"C:\Users\Admin\AppData\Local\Temp\540cc929a5ede48f33b8658fa9ae6816.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 88
  2⤵
  - Program crash
  PID:1884

memory/2284-0-0x00000000001B0000-0x00000000001B3000-memory.dmp

Filesize
12KB

Download