2dd8144fb64d07f95342ca33308526c904ea39390b8417aa16445cbb1a5a9b21

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 10:00

Target

746667169fca1fec94c612e91f560f81.exe
Size

93KB
MD5

746667169fca1fec94c612e91f560f81
SHA1

830d843522068fa1648fc02a4a303e64d80a3283
SHA256

2dd8144fb64d07f95342ca33308526c904ea39390b8417aa16445cbb1a5a9b21
SHA512

502ca2f2fb31c9c2d1e516ca1938c306f9d3c4f1d07e04208c59a4f7872e2105b1aa4a6db9ea9babe8ec2186c9bc7e6349aec772c5b22b5414bd7c9b6b52bcc9
SSDEEP

1536:nzq5NUQ7UFXMdcScCWNm2K+7ZI6i1HcIYe8raR0fvPcN0q1qYVze0NW4lIzB:aNU2UOzVWk2T9i1HNYe8raR0HPcFVzeV

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2720	1236	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 2720	1236	746667169fca1fec94c612e91f560f81.exe	29
PID 1236 wrote to memory of 2720	1236	746667169fca1fec94c612e91f560f81.exe	29
PID 1236 wrote to memory of 2720	1236	746667169fca1fec94c612e91f560f81.exe	29
PID 1236 wrote to memory of 2720	1236	746667169fca1fec94c612e91f560f81.exe	29

C:\Users\Admin\AppData\Local\Temp\746667169fca1fec94c612e91f560f81.exe
"C:\Users\Admin\AppData\Local\Temp\746667169fca1fec94c612e91f560f81.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 904
  2⤵
  - Program crash
  PID:2720

memory/1236-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download