22e0bd245ae5ee2e2f0de26c8e8c97af071a0cac37e7b47ac5480ba3a235ee88

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 22:40

Target

5998cfcd2303c474a99e163cd75a1ed4.exe
Size

151KB
MD5

5998cfcd2303c474a99e163cd75a1ed4
SHA1

b61b5286677e1ad33ae02b3fbc48981755f841c1
SHA256

22e0bd245ae5ee2e2f0de26c8e8c97af071a0cac37e7b47ac5480ba3a235ee88
SHA512

3a7f5ebaf27d02821e4f3ef2518a9e6381a9778af91cc8eaf5a9bfce8368b3a1fe0716db45c917478eddbb3a6c5813d591d81994b4512b445b1c0fab13e744d3
SSDEEP

1536:zYk9QVLpuCCxNzQqlsvwe6nvcf3zvPCfkM8u+RJMvw83q7VoagHi:39QVLCbs41nmjSfcpHMI8a7Voa

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2508	2652	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2508	2652	5998cfcd2303c474a99e163cd75a1ed4.exe	28
PID 2652 wrote to memory of 2508	2652	5998cfcd2303c474a99e163cd75a1ed4.exe	28
PID 2652 wrote to memory of 2508	2652	5998cfcd2303c474a99e163cd75a1ed4.exe	28
PID 2652 wrote to memory of 2508	2652	5998cfcd2303c474a99e163cd75a1ed4.exe	28

C:\Users\Admin\AppData\Local\Temp\5998cfcd2303c474a99e163cd75a1ed4.exe
"C:\Users\Admin\AppData\Local\Temp\5998cfcd2303c474a99e163cd75a1ed4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 36
  2⤵
  - Program crash
  PID:2508