1453e149ff91aab74a9da067cfb8a7f745833a77cc886712569addaad9e86c90

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 07:42

Target

64d93720e8df5ace4b8b2b7071219a60.exe
Size

26KB
MD5

64d93720e8df5ace4b8b2b7071219a60
SHA1

4e819f44dc9dc3a0b9d251e893a3a05aa7869301
SHA256

1453e149ff91aab74a9da067cfb8a7f745833a77cc886712569addaad9e86c90
SHA512

5b17e737cbd5b28265a47b0562659567169446bc69d7e47a791c1f005b071c2e4968184cc4e062a2eda276e5a367df786141b760f106a5bd97db3fcc785737e0
SSDEEP

384:33a2PoNoo7VVLp+mQYZLhqV8WWexmZ7a766jtJdAna6hf0xr30RLo/tMa:33oNo+eIq2WWeUZ7adH6hf0xr3MLYM

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1988	356	WerFault.exe	13

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 356 wrote to memory of 1988	356	64d93720e8df5ace4b8b2b7071219a60.exe	28
PID 356 wrote to memory of 1988	356	64d93720e8df5ace4b8b2b7071219a60.exe	28
PID 356 wrote to memory of 1988	356	64d93720e8df5ace4b8b2b7071219a60.exe	28
PID 356 wrote to memory of 1988	356	64d93720e8df5ace4b8b2b7071219a60.exe	28

C:\Users\Admin\AppData\Local\Temp\64d93720e8df5ace4b8b2b7071219a60.exe
"C:\Users\Admin\AppData\Local\Temp\64d93720e8df5ace4b8b2b7071219a60.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:356
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 116
  2⤵
  - Program crash
  PID:1988

memory/356-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/356-1-0x00000000003C0000-0x00000000003F0000-memory.dmp

Filesize
192KB

Download
memory/356-2-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download