e113af2a423331bf5b079ccb74ce7a15605389cc96e48aa993d3ae7227c0c44b

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-01-2024 03:15

Target

714c6facc2c5a9ce98f42165d94f5dd9.exe
Size

37KB
MD5

714c6facc2c5a9ce98f42165d94f5dd9
SHA1

f98b2431b85f0e781e10446eb562ae8d63a3174b
SHA256

e113af2a423331bf5b079ccb74ce7a15605389cc96e48aa993d3ae7227c0c44b
SHA512

a3292041345e8d49aba307d0a4069b40644b6817babf6f5f2d08e77c20e5661577536a7a060104122c12b9d180d4dc5030972554e04a9fdbb4d5dfa42074a284
SSDEEP

768:rJ+CsHVU005A+Vk+GCCbY7wEzZQeJLRVQ/SpkVUvDaiFBWnzmQchgY:rJ+DVJ0Cp+6UMk+YLRVQ/SpksSyRD

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2220	2180	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2220	2180	714c6facc2c5a9ce98f42165d94f5dd9.exe	14
PID 2180 wrote to memory of 2220	2180	714c6facc2c5a9ce98f42165d94f5dd9.exe	14
PID 2180 wrote to memory of 2220	2180	714c6facc2c5a9ce98f42165d94f5dd9.exe	14
PID 2180 wrote to memory of 2220	2180	714c6facc2c5a9ce98f42165d94f5dd9.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 36
1⤵
- Program crash
PID:2220

C:\Users\Admin\AppData\Local\Temp\714c6facc2c5a9ce98f42165d94f5dd9.exe
"C:\Users\Admin\AppData\Local\Temp\714c6facc2c5a9ce98f42165d94f5dd9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2180