14dbbd86c006b34dcd19766da2396d65b98ca46dc28731bbf90f35f3384276e1

Analysis

max time kernel
159s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
23-01-2024 21:44

Target

70a27d6f42e6194e9045ffb6a26e5d8a.exe
Size

139KB
MD5

70a27d6f42e6194e9045ffb6a26e5d8a
SHA1

b32c3d41f0a86b9827465a2a6ef9745e8dd2e52d
SHA256

14dbbd86c006b34dcd19766da2396d65b98ca46dc28731bbf90f35f3384276e1
SHA512

885809d9de216c7646c1563d49db1da2544087e4fe543f67840ed1551d81c055075348bc5347bffc71075fb957cbe070c52be9eadda678405d62d342a07f7a19
SSDEEP

3072:kPiFjQquZjf7k9P61mX3HcWNsa7JfGUdE/kyVhUdb+:kPiFc9f7QyS3cWNsa7JfGUdE/LhUdS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2796	2700	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2796	2700	70a27d6f42e6194e9045ffb6a26e5d8a.exe	16
PID 2700 wrote to memory of 2796	2700	70a27d6f42e6194e9045ffb6a26e5d8a.exe	16
PID 2700 wrote to memory of 2796	2700	70a27d6f42e6194e9045ffb6a26e5d8a.exe	16
PID 2700 wrote to memory of 2796	2700	70a27d6f42e6194e9045ffb6a26e5d8a.exe	16

C:\Users\Admin\AppData\Local\Temp\70a27d6f42e6194e9045ffb6a26e5d8a.exe
"C:\Users\Admin\AppData\Local\Temp\70a27d6f42e6194e9045ffb6a26e5d8a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 160
  2⤵
  - Program crash
  PID:2796

memory/2700-0-0x0000000000400000-0x000000000042E5E8-memory.dmp

Filesize
185KB

Download
memory/2700-1-0x0000000000400000-0x000000000042E5E8-memory.dmp

Filesize
185KB

Download