3dd6a3a3e036001cc74fd9bed78986aef914a95fc6b96cb4c17a31f69664907b

Analysis

max time kernel
142s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-01-2024 01:17

Target

6684b2c325bac45c7e5570e23a3d5f87.exe
Size

45KB
MD5

6684b2c325bac45c7e5570e23a3d5f87
SHA1

2c8b0cec0288b8d2f8b07c8c04655f3a6b1a3a6e
SHA256

3dd6a3a3e036001cc74fd9bed78986aef914a95fc6b96cb4c17a31f69664907b
SHA512

5b7128dfa825ab5c18fa0a4888fe9a83523d3b947db825f57f06828640d899ccb02ea113683e3b3a994be5efc2c39c5c761be9c32433831e9a5036e649facfaa
SSDEEP

768:YupqQcXJvsz/wuCd6Y03cf5f3qVcPGI40cHmqEMn4jtIWXvI2F/:jpqQcXJvsa0qf3PcZEfG8Q2F/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2356	1700	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2356	1700	6684b2c325bac45c7e5570e23a3d5f87.exe	28
PID 1700 wrote to memory of 2356	1700	6684b2c325bac45c7e5570e23a3d5f87.exe	28
PID 1700 wrote to memory of 2356	1700	6684b2c325bac45c7e5570e23a3d5f87.exe	28
PID 1700 wrote to memory of 2356	1700	6684b2c325bac45c7e5570e23a3d5f87.exe	28

C:\Users\Admin\AppData\Local\Temp\6684b2c325bac45c7e5570e23a3d5f87.exe
"C:\Users\Admin\AppData\Local\Temp\6684b2c325bac45c7e5570e23a3d5f87.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 128
  2⤵
  - Program crash
  PID:2356

memory/1700-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download