a20735ecb1250dba9c90f6d3d1367e553a153a5b1e9b11ce2b91127344acb455

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-01-2024 15:29

Target

6fc9c74a9d6c7b8cdb88b6ec95a6037e.exe
Size

319KB
MD5

6fc9c74a9d6c7b8cdb88b6ec95a6037e
SHA1

4b5f9504c147b7543798645bb702f503f9e3d0a5
SHA256

a20735ecb1250dba9c90f6d3d1367e553a153a5b1e9b11ce2b91127344acb455
SHA512

37def862e1b293c22a3f1cd09bda39bed19503f5d40cf77d50780efd6d459e4592dd39d59371c70617ec16194306fa37a6822068bc8fac8b04cf030e887887bd
SSDEEP

1536:jRJMDyf1J/Z30qT2Cx9o5u1O3/cVyTKwt2RCzU7LnsoeHf:jH/ZhYQE/cV8Zt+Cz2so

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2296	2904	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2296	2904	6fc9c74a9d6c7b8cdb88b6ec95a6037e.exe	28
PID 2904 wrote to memory of 2296	2904	6fc9c74a9d6c7b8cdb88b6ec95a6037e.exe	28
PID 2904 wrote to memory of 2296	2904	6fc9c74a9d6c7b8cdb88b6ec95a6037e.exe	28
PID 2904 wrote to memory of 2296	2904	6fc9c74a9d6c7b8cdb88b6ec95a6037e.exe	28

C:\Users\Admin\AppData\Local\Temp\6fc9c74a9d6c7b8cdb88b6ec95a6037e.exe
"C:\Users\Admin\AppData\Local\Temp\6fc9c74a9d6c7b8cdb88b6ec95a6037e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 224
  2⤵
  - Program crash
  PID:2296

memory/2904-0-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2904-1-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download