2be6e60b5ec4b747000cc067abbb476a0791a77b5d0d25725820a7fab2aaa710

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 15:42

Target

6800e764afc34b8781c16e47b562ea6f.exe
Size

183KB
MD5

6800e764afc34b8781c16e47b562ea6f
SHA1

9ad551d803b49378088c4339e3cbf7c16ec149bf
SHA256

2be6e60b5ec4b747000cc067abbb476a0791a77b5d0d25725820a7fab2aaa710
SHA512

e98a1756b2815d99a0a49f2b9ba06f85e7941f237fa783d7bc799fd916b1448c7618ccd18e63da872ab7763ada5248e481400fb42e707cc6e0617eb9688da962
SSDEEP

3072:T8SuUvFyUUKIUqQDnAavlz9cGEmhjtXJWmu8TUi/jFRJhEKYGYhR:ISuUsUUK3zDnAaTcxsjtX4muw5RJJl2R

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1104	1804	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 1104	1804	6800e764afc34b8781c16e47b562ea6f.exe	28
PID 1804 wrote to memory of 1104	1804	6800e764afc34b8781c16e47b562ea6f.exe	28
PID 1804 wrote to memory of 1104	1804	6800e764afc34b8781c16e47b562ea6f.exe	28
PID 1804 wrote to memory of 1104	1804	6800e764afc34b8781c16e47b562ea6f.exe	28

C:\Users\Admin\AppData\Local\Temp\6800e764afc34b8781c16e47b562ea6f.exe
"C:\Users\Admin\AppData\Local\Temp\6800e764afc34b8781c16e47b562ea6f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 36
  2⤵
  - Program crash
  PID:1104

memory/1804-0-0x0000000000400000-0x000000000042D200-memory.dmp

Filesize
180KB

Download