058f442d5447d33373a3b06e1ea706cb17fac82dc520601a3181cfbf3b81c6d6

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 21:05

Target

59692698ab3f4e560a790a822d02f80c.exe
Size

100KB
MD5

59692698ab3f4e560a790a822d02f80c
SHA1

016067a5ff2d8fe94b04054714038e57c31f8f2f
SHA256

058f442d5447d33373a3b06e1ea706cb17fac82dc520601a3181cfbf3b81c6d6
SHA512

3e259df170b1ec725c33ed97209c5cf8b03a15ced7bf66af70ebb0890bba48cdee2edf2da8b04901ccc4f60f4bf319ac9e2de1300c733c12a1b1bbbfc36db984
SSDEEP

1536:5V/Vvwrb/4ecaypzb7fmhE4Bd97fB5168y5cFkmg/8s:5Vlyb/5chpzbcEEPrBPLy+Tg/J

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2124	3008	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2124	3008	59692698ab3f4e560a790a822d02f80c.exe	28
PID 3008 wrote to memory of 2124	3008	59692698ab3f4e560a790a822d02f80c.exe	28
PID 3008 wrote to memory of 2124	3008	59692698ab3f4e560a790a822d02f80c.exe	28
PID 3008 wrote to memory of 2124	3008	59692698ab3f4e560a790a822d02f80c.exe	28

C:\Users\Admin\AppData\Local\Temp\59692698ab3f4e560a790a822d02f80c.exe
"C:\Users\Admin\AppData\Local\Temp\59692698ab3f4e560a790a822d02f80c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 120
  2⤵
  - Program crash
  PID:2124