ce25179f80be5f18a9a20109b614b9cc172f24c0ba17052ca3e30d5437ac88e3

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
17-01-2024 22:25

Target

63c45dec3a08d0bdf8bdf1cb78608a6a.exe
Size

422KB
MD5

63c45dec3a08d0bdf8bdf1cb78608a6a
SHA1

47ec71198704ca6f05bab84107407ede6a0193ca
SHA256

ce25179f80be5f18a9a20109b614b9cc172f24c0ba17052ca3e30d5437ac88e3
SHA512

454d381be10483f8694e7a34e5ed7e0ef32f98123094d8be7c3438efdb5d206737c25693d38735164aa5b95ec810de9ff45576a7789de8cd013020ba79497b10
SSDEEP

6144:ykB1INZdWaFzaE7mDGg7Y4+MFyBPys80G5sEOi9Ri9na5UVx3:ykBgdW/E7mDGg8xMkBp80GiZa5UVh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2272	2532	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2272	2532	63c45dec3a08d0bdf8bdf1cb78608a6a.exe	28
PID 2532 wrote to memory of 2272	2532	63c45dec3a08d0bdf8bdf1cb78608a6a.exe	28
PID 2532 wrote to memory of 2272	2532	63c45dec3a08d0bdf8bdf1cb78608a6a.exe	28
PID 2532 wrote to memory of 2272	2532	63c45dec3a08d0bdf8bdf1cb78608a6a.exe	28

C:\Users\Admin\AppData\Local\Temp\63c45dec3a08d0bdf8bdf1cb78608a6a.exe
"C:\Users\Admin\AppData\Local\Temp\63c45dec3a08d0bdf8bdf1cb78608a6a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 116
  2⤵
  - Program crash
  PID:2272

memory/2532-0-0x0000000001040000-0x00000000010AE000-memory.dmp

Filesize
440KB

Download