5ef31608c6de1c1c2d303dba7b63b1fd971053436e5e939489a649a6fba2912d

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18-01-2024 23:41

Target

6656a23b7e3f6ef22fbbb9b20c0c4ab2.exe
Size

21KB
MD5

6656a23b7e3f6ef22fbbb9b20c0c4ab2
SHA1

5b9d04eb01f51fdb11bcef3e72d2bfc0a93893bf
SHA256

5ef31608c6de1c1c2d303dba7b63b1fd971053436e5e939489a649a6fba2912d
SHA512

5c3eb2e2e58a34433e5caf969634cbe740d48e22ed724482fb7e871072b3748fa932cb7bc8555cab7aef0ef50217ad46e7408ccc5ac0ecb3c784877d13dac446
SSDEEP

384:wY4GVC+oogrfu4Ib/WhI2gee3pV3iIshC7G3m46E5gy6xugGmGi:scC3r9ILWh2ee5ZiITCSE5ILrh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2732	2084	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2732	2084	6656a23b7e3f6ef22fbbb9b20c0c4ab2.exe	28
PID 2084 wrote to memory of 2732	2084	6656a23b7e3f6ef22fbbb9b20c0c4ab2.exe	28
PID 2084 wrote to memory of 2732	2084	6656a23b7e3f6ef22fbbb9b20c0c4ab2.exe	28
PID 2084 wrote to memory of 2732	2084	6656a23b7e3f6ef22fbbb9b20c0c4ab2.exe	28

C:\Users\Admin\AppData\Local\Temp\6656a23b7e3f6ef22fbbb9b20c0c4ab2.exe
"C:\Users\Admin\AppData\Local\Temp\6656a23b7e3f6ef22fbbb9b20c0c4ab2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 36
  2⤵
  - Program crash
  PID:2732

memory/2084-0-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download