7f86ee3f8ca187da77855cf82d73e38aabbf68f7ff40e84ea9e12692e3dca49b

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 12:51

Target

Updater.exe
Size

23KB
MD5

6c52048baefeb943532535d0df79109b
SHA1

58a721c1bdcc32a43c06d585fbcd89163c8cea18
SHA256

7f86ee3f8ca187da77855cf82d73e38aabbf68f7ff40e84ea9e12692e3dca49b
SHA512

fa34b8cef279762db398594093ae2b93ae3de48506f4b84d45e13913c427fd7d78f7cdc4c7d9810a9336376c5e8b29c3863d015380986fbb6f810b430e6ad788
SSDEEP

384:zSGsknV4kgZEp+T/FWkW8FwndRKb/V+Y2Gxli22jbAaeYjhRIh6u5IugM1CQEs:twNW104dmV+Y2Gcet5rZB1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2864	2356	WerFault.exe	13

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2864	2356	Updater.exe	28
PID 2356 wrote to memory of 2864	2356	Updater.exe	28
PID 2356 wrote to memory of 2864	2356	Updater.exe	28
PID 2356 wrote to memory of 2864	2356	Updater.exe	28

C:\Users\Admin\AppData\Local\Temp\Updater.exe
"C:\Users\Admin\AppData\Local\Temp\Updater.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 656
  2⤵
  - Program crash
  PID:2864

memory/2356-0-0x0000000000330000-0x000000000033C000-memory.dmp

Filesize
48KB

Download
memory/2356-1-0x00000000744D0000-0x0000000074BBE000-memory.dmp

Filesize
6.9MB

Download
memory/2356-2-0x0000000000410000-0x0000000000450000-memory.dmp

Filesize
256KB

Download
memory/2356-3-0x00000000744D0000-0x0000000074BBE000-memory.dmp

Filesize
6.9MB

Download
memory/2356-4-0x0000000000410000-0x0000000000450000-memory.dmp

Filesize
256KB

Download