c6437cf1a5e6f915f00d716125c47f169d2206682db6d2a19b6181ee9bd3a0ce

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 13:52

Target

7269c64fd8092d01403a2c10b23bbf22.exe
Size

91KB
MD5

7269c64fd8092d01403a2c10b23bbf22
SHA1

db126af2ff74f93c7e2980a3b51c7c1f24995ebf
SHA256

c6437cf1a5e6f915f00d716125c47f169d2206682db6d2a19b6181ee9bd3a0ce
SHA512

366cffcbd30ab7789ff7b996a04cb4fa7dc5aacf5498a5a203cfb9e3492ad564ca7d1190a5367005ee8440c1286ba114cbf034053206b50140cf80748dd2e77d
SSDEEP

1536:+c2UP+UJDnnfN223o/Mvs8qop+xdcf0mxEmSwckEGsBIA:+TUmUJTnfNokvnqosxK1KGsBIA

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2672	2004	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2672	2004	7269c64fd8092d01403a2c10b23bbf22.exe	28
PID 2004 wrote to memory of 2672	2004	7269c64fd8092d01403a2c10b23bbf22.exe	28
PID 2004 wrote to memory of 2672	2004	7269c64fd8092d01403a2c10b23bbf22.exe	28
PID 2004 wrote to memory of 2672	2004	7269c64fd8092d01403a2c10b23bbf22.exe	28

C:\Users\Admin\AppData\Local\Temp\7269c64fd8092d01403a2c10b23bbf22.exe
"C:\Users\Admin\AppData\Local\Temp\7269c64fd8092d01403a2c10b23bbf22.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 92
  2⤵
  - Program crash
  PID:2672