4838f9f107ce82abaa70468300f55e4214110b277ddb081b796eab9ef71ac61a

Analysis

max time kernel
151s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-01-2024 01:59

Target

63a82685bec975eab6cd18aa17055a6e.exe
Size

212KB
MD5

63a82685bec975eab6cd18aa17055a6e
SHA1

dbada9fee01cf78a7dc087521598397017ce2884
SHA256

4838f9f107ce82abaa70468300f55e4214110b277ddb081b796eab9ef71ac61a
SHA512

fc649940af387de973367e59193ed358722ec8b736171b751c1487fe6f8c9e00038076e158329f46dfbc5285fe4fcadca9c287658e47cff250d72e90fcbdc8de
SSDEEP

3072:eebXKiqGw1PTfRY8+ZTPZVPpF6QLEh+OvA:VbXnqGwxTfaTRjF65h+O

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\spool\PRTPROCS\x64\25979A3.tmp	63a82685bec975eab6cd18aa17055a6e.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2720	2772	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2720	2772	63a82685bec975eab6cd18aa17055a6e.exe	28
PID 2772 wrote to memory of 2720	2772	63a82685bec975eab6cd18aa17055a6e.exe	28
PID 2772 wrote to memory of 2720	2772	63a82685bec975eab6cd18aa17055a6e.exe	28
PID 2772 wrote to memory of 2720	2772	63a82685bec975eab6cd18aa17055a6e.exe	28

C:\Users\Admin\AppData\Local\Temp\63a82685bec975eab6cd18aa17055a6e.exe
"C:\Users\Admin\AppData\Local\Temp\63a82685bec975eab6cd18aa17055a6e.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 228
  2⤵
  - Program crash
  PID:2720

memory/2772-0-0x00000000002B0000-0x00000000002CC000-memory.dmp

Filesize
112KB

Download
memory/2772-2-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2772-1-0x0000000000400000-0x000000000047C000-memory.dmp

Filesize
496KB

Download
memory/2772-8-0x00000000002B0000-0x00000000002CC000-memory.dmp

Filesize
112KB

Download
memory/2772-10-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download