89ae728d57be25f06553edbe3e0a88ce4974490d12e1e77d96c1313613c8b276

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 13:46

Target

67c572b4f57edb7258dfd2798900468e.exe
Size

132KB
MD5

67c572b4f57edb7258dfd2798900468e
SHA1

9f4b10a8636f97f0500b719e3168e5ab01c5a78f
SHA256

89ae728d57be25f06553edbe3e0a88ce4974490d12e1e77d96c1313613c8b276
SHA512

096ebe0ac7fff58354bd91a6a396731e2d1360fa95db168c88b3339b6f4365bbe0a5266cb93edd38546272a1ff7eceaaaf4599b29ba39ed735668c92b99ab05a
SSDEEP

3072:TSu9kFL86YnkNG8EBZV9cMfWpb8HWk2hFtWtdgtiF0t9e:TdkFLPG8ErLcMepbe3FtCtMUe

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1700	2936	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 1700	2936	67c572b4f57edb7258dfd2798900468e.exe	28
PID 2936 wrote to memory of 1700	2936	67c572b4f57edb7258dfd2798900468e.exe	28
PID 2936 wrote to memory of 1700	2936	67c572b4f57edb7258dfd2798900468e.exe	28
PID 2936 wrote to memory of 1700	2936	67c572b4f57edb7258dfd2798900468e.exe	28

C:\Users\Admin\AppData\Local\Temp\67c572b4f57edb7258dfd2798900468e.exe
"C:\Users\Admin\AppData\Local\Temp\67c572b4f57edb7258dfd2798900468e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 36
  2⤵
  - Program crash
  PID:1700

memory/2936-0-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2936-1-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download