3baf8d1cf9b649c7c802c1cfa6eed29fd4b285ba47f5d35b2c862907f2f736ec

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 11:16

Target

0VOthsKNyb3X9Og.exe
Size

770KB
MD5

5f947fd44e2d6440c3c33f672afdaf53
SHA1

d856fcf4695690d9100ad49fdb7dc1145b1a7644
SHA256

3baf8d1cf9b649c7c802c1cfa6eed29fd4b285ba47f5d35b2c862907f2f736ec
SHA512

3c85ac082e6c9c83d0c187c51e14b13776f750b3a64374887766224f34b5ec7217f81652d7d674e1319a353b7fc420eb9467e7ea0c0efc55c7362060d5bd315c
SSDEEP

12288:NHo4SS5+1X8fKJdN9PoXgkq0loawju8JPEmSsW0zV/hTb:NHZd+1X8ifN9PoXg0GndFEmbWm/f

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2160	3044	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2160	3044	0VOthsKNyb3X9Og.exe	28
PID 3044 wrote to memory of 2160	3044	0VOthsKNyb3X9Og.exe	28
PID 3044 wrote to memory of 2160	3044	0VOthsKNyb3X9Og.exe	28
PID 3044 wrote to memory of 2160	3044	0VOthsKNyb3X9Og.exe	28

C:\Users\Admin\AppData\Local\Temp\0VOthsKNyb3X9Og.exe
"C:\Users\Admin\AppData\Local\Temp\0VOthsKNyb3X9Og.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 648
  2⤵
  - Program crash
  PID:2160

memory/3044-0-0x00000000003B0000-0x0000000000476000-memory.dmp

Filesize
792KB

Download
memory/3044-1-0x0000000074750000-0x0000000074E3E000-memory.dmp

Filesize
6.9MB

Download
memory/3044-2-0x0000000004DC0000-0x0000000004E00000-memory.dmp

Filesize
256KB

Download
memory/3044-3-0x0000000000290000-0x00000000002A4000-memory.dmp

Filesize
80KB

Download
memory/3044-4-0x0000000074750000-0x0000000074E3E000-memory.dmp

Filesize
6.9MB

Download
memory/3044-5-0x0000000004DC0000-0x0000000004E00000-memory.dmp

Filesize
256KB

Download