da6c75822d4740a47dedc396c1400e54520917aa47253771c5f439fe9342deca

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 02:37 UTC

Target

64421646980f771d2a86a35bb0f56fd6.exe
Size

398KB
MD5

64421646980f771d2a86a35bb0f56fd6
SHA1

b892121b8705be3020a432ebf751843c81563f29
SHA256

da6c75822d4740a47dedc396c1400e54520917aa47253771c5f439fe9342deca
SHA512

d96eab928e9571ff0438f2c12a7ae60952873b29b623568f39c0c29c19e45f8bb04cc0427dea00258509b3bbdc103a87d1371a724d28f9af76d3fe3a833010fd
SSDEEP

6144:94y3iw/tfTKJSzMCq3WLEeY4iwSeV8qv0n9YS79C60Zww7CASs0:T3iw/tfaD73WATiSetv0n9bC60ZbQb

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2232	2500	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 2232	2500	64421646980f771d2a86a35bb0f56fd6.exe	28
PID 2500 wrote to memory of 2232	2500	64421646980f771d2a86a35bb0f56fd6.exe	28
PID 2500 wrote to memory of 2232	2500	64421646980f771d2a86a35bb0f56fd6.exe	28
PID 2500 wrote to memory of 2232	2500	64421646980f771d2a86a35bb0f56fd6.exe	28

C:\Users\Admin\AppData\Local\Temp\64421646980f771d2a86a35bb0f56fd6.exe
"C:\Users\Admin\AppData\Local\Temp\64421646980f771d2a86a35bb0f56fd6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 224
  2⤵
  - Program crash
  PID:2232

memory/2500-0-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download