13e16349e8f38767fe4ba74a1fa98373efd1100c1f9abdf4d6063aeb0751fca6

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 13:01

Target

724ea92e49b1bbb73fa4e5e4b8ad84df.exe
Size

435KB
MD5

724ea92e49b1bbb73fa4e5e4b8ad84df
SHA1

b26af03d519dcb9b06d6d525533389e08a83a35f
SHA256

13e16349e8f38767fe4ba74a1fa98373efd1100c1f9abdf4d6063aeb0751fca6
SHA512

c8074c73ef180235d9243e356e4f143c9f5dfb9de503fd0514407a2b7f80f2dec56be2c336224021ac5e84d44f836c1d5aefd6bb54a2c82be219f521434ac007
SSDEEP

6144:VZQXFObtpJv32JyAkS+Q5IMUHvG/cZeHBPAW9Y3GACea4Eephx+iaFKcSqwslzHf:VaKv3vS+MUPscZGB/1AjdpbNqpHS9w

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1660	1156	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 1660	1156	724ea92e49b1bbb73fa4e5e4b8ad84df.exe	28
PID 1156 wrote to memory of 1660	1156	724ea92e49b1bbb73fa4e5e4b8ad84df.exe	28
PID 1156 wrote to memory of 1660	1156	724ea92e49b1bbb73fa4e5e4b8ad84df.exe	28
PID 1156 wrote to memory of 1660	1156	724ea92e49b1bbb73fa4e5e4b8ad84df.exe	28

C:\Users\Admin\AppData\Local\Temp\724ea92e49b1bbb73fa4e5e4b8ad84df.exe
"C:\Users\Admin\AppData\Local\Temp\724ea92e49b1bbb73fa4e5e4b8ad84df.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 96
  2⤵
  - Program crash
  PID:1660

memory/1156-0-0x0000000000400000-0x000000000079D000-memory.dmp

Filesize
3.6MB

Download
memory/1156-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1156-2-0x0000000000400000-0x000000000079D000-memory.dmp

Filesize
3.6MB

Download