35b27cbb5445f74c33d734a8406a7a2a7bd23d4f8e637de3125bd766654c0920

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 12:44

Target

67a733d94bc7edb68d2f47f7cb5d6aa3.exe
Size

1.3MB
MD5

67a733d94bc7edb68d2f47f7cb5d6aa3
SHA1

0361a5dab3f2d3c279bb46224486d8efc2935884
SHA256

35b27cbb5445f74c33d734a8406a7a2a7bd23d4f8e637de3125bd766654c0920
SHA512

1ad3841bfa6aee35adb2accccee7f47c2598cffeb936d62cb5acecc7de457880c4f414dd7263cc74e4da9c68965bcc5bd247f2091fcda5010a22142aff6c4e29
SSDEEP

24576:dDzQZ0HdUb7Rl5HBnAwnVAVjW+c4zbN6ZPTqHTNNR76:FynVAVrRbN8PTcTNN9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2168	1680	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 2168	1680	67a733d94bc7edb68d2f47f7cb5d6aa3.exe	28
PID 1680 wrote to memory of 2168	1680	67a733d94bc7edb68d2f47f7cb5d6aa3.exe	28
PID 1680 wrote to memory of 2168	1680	67a733d94bc7edb68d2f47f7cb5d6aa3.exe	28
PID 1680 wrote to memory of 2168	1680	67a733d94bc7edb68d2f47f7cb5d6aa3.exe	28

C:\Users\Admin\AppData\Local\Temp\67a733d94bc7edb68d2f47f7cb5d6aa3.exe
"C:\Users\Admin\AppData\Local\Temp\67a733d94bc7edb68d2f47f7cb5d6aa3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 204
  2⤵
  - Program crash
  PID:2168

memory/1680-0-0x0000000000400000-0x0000000000567000-memory.dmp

Filesize
1.4MB

Download