10c896e4274ebbc1c17cf11faa713b6992b578f60dd15aa7f43d4b0404801ae0

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 06:34

Target

58395ba432bf245ab75357c3aa8fa8c1.exe
Size

367KB
MD5

58395ba432bf245ab75357c3aa8fa8c1
SHA1

6d3c68fbf0b999e36277f8170b51375d47efe925
SHA256

10c896e4274ebbc1c17cf11faa713b6992b578f60dd15aa7f43d4b0404801ae0
SHA512

626c91648ae12d1324f9466b7844ab02fc4b7d3f7de3dc749aeb06e44b978697fc231039b5dc22d70dfb7a5ff7f35b878739419254f5a1f555e94b44ef55333e
SSDEEP

6144:eZpclA4kUrIPyMTDEwhdHe3BGdUZX1WIqgqwxVO6lzoMdmWZBIH0IaUUneJptZF2:erclANyIjTgwb+AdUzBqoDrppIaT8pFc

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1720	2488	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 1720	2488	58395ba432bf245ab75357c3aa8fa8c1.exe	28
PID 2488 wrote to memory of 1720	2488	58395ba432bf245ab75357c3aa8fa8c1.exe	28
PID 2488 wrote to memory of 1720	2488	58395ba432bf245ab75357c3aa8fa8c1.exe	28
PID 2488 wrote to memory of 1720	2488	58395ba432bf245ab75357c3aa8fa8c1.exe	28

C:\Users\Admin\AppData\Local\Temp\58395ba432bf245ab75357c3aa8fa8c1.exe
"C:\Users\Admin\AppData\Local\Temp\58395ba432bf245ab75357c3aa8fa8c1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 36
  2⤵
  - Program crash
  PID:1720

memory/2488-0-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download