10f299d0ae3f143ffa249eb9850cf0cb50643a691c60d80d0c82c2f3cb3fca6b

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 12:46

Target

file.exe
Size

654KB
MD5

dee63473a06ba61e8c176166609f3dbc
SHA1

40d399b25974e5d969a1f97604b35e93e19b82d3
SHA256

10f299d0ae3f143ffa249eb9850cf0cb50643a691c60d80d0c82c2f3cb3fca6b
SHA512

416ca33de603b33e0ae49e292d06747e1e9fc1d8af9f1f750d8171495e6a4d6cde743b9ef6b8f79be4c171a63e3a6a932b1b6882d6e011092342fd060969774c
SSDEEP

12288:h3VIyYfc7/SMQg5Z+9M+eF16C18NT6qxb8c3rfrVKHtmDajkzfFX0fte55nvVTIL:h3VRYkrQg5iwFwC18NTtV2mujkzfF3Pu

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2684 1664 WerFault.exe file.exe

pid	pid_target	process	target process
2684	1664	WerFault.exe	file.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

file.exe

description	pid	process	target process
PID 1664 wrote to memory of 2684	1664	file.exe	WerFault.exe
PID 1664 wrote to memory of 2684	1664	file.exe	WerFault.exe
PID 1664 wrote to memory of 2684	1664	file.exe	WerFault.exe
PID 1664 wrote to memory of 2684	1664	file.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 96
  2⤵
  - Program crash
  PID:2684

memory/1664-0-0x0000000000230000-0x00000000002B7000-memory.dmp

Filesize
540KB

Download
memory/1664-5-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download