1b7001f1d92618b4b8465ec0ce98ab80bfc3e2900d9df4fb7769e58b8886a4f7

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 04:50

Target

5a547088e74fb74e2b2719280c161c1f.exe
Size

67KB
MD5

5a547088e74fb74e2b2719280c161c1f
SHA1

675323651df44163a5a380bd7e1e1b9899339d7f
SHA256

1b7001f1d92618b4b8465ec0ce98ab80bfc3e2900d9df4fb7769e58b8886a4f7
SHA512

2bf57d19b729ad9c4247e94d7e6931fe028b6f6e81b32c2a9a1bbe9b46427b91b21228336ad3169ed2318ceb3cc36844a29f6ae0602aa51d1e4de653166f4b71
SSDEEP

1536:qnfj5WuRCdiDcem/ucPUKbBowcCcsr4PvJE+KCdC9lfynA9+0Z0:28HRuKbBo3qr4HJjAJZ0

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3032	2672	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 3032	2672	5a547088e74fb74e2b2719280c161c1f.exe	16
PID 2672 wrote to memory of 3032	2672	5a547088e74fb74e2b2719280c161c1f.exe	16
PID 2672 wrote to memory of 3032	2672	5a547088e74fb74e2b2719280c161c1f.exe	16
PID 2672 wrote to memory of 3032	2672	5a547088e74fb74e2b2719280c161c1f.exe	16

C:\Users\Admin\AppData\Local\Temp\5a547088e74fb74e2b2719280c161c1f.exe
"C:\Users\Admin\AppData\Local\Temp\5a547088e74fb74e2b2719280c161c1f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 36
  2⤵
  - Program crash
  PID:3032

memory/2672-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download