7829c33e99dbc01f65c3f63753bea7eb437346f26d9f2a6eafec7a7dee829111

Analysis

max time kernel
141s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 01:30

Target

551e4cd3dbf86d6d3508288ebc146128.exe
Size

76KB
MD5

551e4cd3dbf86d6d3508288ebc146128
SHA1

ffbdefbb4d80d2575f3c86c24b13d8f52ff32af4
SHA256

7829c33e99dbc01f65c3f63753bea7eb437346f26d9f2a6eafec7a7dee829111
SHA512

5b86c960d0261c9b2e2cb8e8b84b9c69e973ac45e0f833e3298abb4d6efb1741d5f5b5c76a9210a802f68346f401abd0d644a804a00201c0b3a15901e56faf40
SSDEEP

1536:O/ePyXHZ7DA4BfBrmTiXvvvUgbFNCuACP1DIgN:MeSHZ7DTBfBrB/UgbFNCuAq2C

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2168	108	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 108 wrote to memory of 2168	108	551e4cd3dbf86d6d3508288ebc146128.exe	28
PID 108 wrote to memory of 2168	108	551e4cd3dbf86d6d3508288ebc146128.exe	28
PID 108 wrote to memory of 2168	108	551e4cd3dbf86d6d3508288ebc146128.exe	28
PID 108 wrote to memory of 2168	108	551e4cd3dbf86d6d3508288ebc146128.exe	28

C:\Users\Admin\AppData\Local\Temp\551e4cd3dbf86d6d3508288ebc146128.exe
"C:\Users\Admin\AppData\Local\Temp\551e4cd3dbf86d6d3508288ebc146128.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:108
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 108
  2⤵
  - Program crash
  PID:2168

memory/108-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/108-1-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download