dda2f49ee4115d78f797ccb45a412f52acb6e92ff5584d996dc4f8632af77ee3

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 12:33

Target

58ec718af1fce2cb9505d505abc3f5af.exe
Size

144KB
MD5

58ec718af1fce2cb9505d505abc3f5af
SHA1

0e7138a53e24073277081bdd35e4ed4665432267
SHA256

dda2f49ee4115d78f797ccb45a412f52acb6e92ff5584d996dc4f8632af77ee3
SHA512

30e207d75d234a1bcc1970c547efbde71c1dfae92b3248a2b0befc7c112a2829039dc1cf1c8d5b5556c5d73bb638165d212585a61cba287136381bb03aed2555
SSDEEP

768:IxXPWly2FRUJxSFyJwAOVsY5R6xCLTRwFdIPKzyMq2UNphTUfjpIKKsk+NN1:Ixe7eLw2Y5ROMRwoPIyDNphTUfRtk+D

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1960	1736	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1960	1736	58ec718af1fce2cb9505d505abc3f5af.exe	28
PID 1736 wrote to memory of 1960	1736	58ec718af1fce2cb9505d505abc3f5af.exe	28
PID 1736 wrote to memory of 1960	1736	58ec718af1fce2cb9505d505abc3f5af.exe	28
PID 1736 wrote to memory of 1960	1736	58ec718af1fce2cb9505d505abc3f5af.exe	28

C:\Users\Admin\AppData\Local\Temp\58ec718af1fce2cb9505d505abc3f5af.exe
"C:\Users\Admin\AppData\Local\Temp\58ec718af1fce2cb9505d505abc3f5af.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 148
  2⤵
  - Program crash
  PID:1960

memory/1736-0-0x0000000000400000-0x0000000000424600-memory.dmp

Filesize
145KB

Download
memory/1736-1-0x0000000000400000-0x0000000000424600-memory.dmp

Filesize
145KB

Download