a18af41a925eef5f801a3adfedc8ded3a81b4177ca661797315f8a02a1bd018a

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:32

Target

751a964546f61ebb759a2a3fe1bb299a.exe
Size

112KB
MD5

751a964546f61ebb759a2a3fe1bb299a
SHA1

88edc8738a26a9d36c0b25f85756d2ee26ed6ee7
SHA256

a18af41a925eef5f801a3adfedc8ded3a81b4177ca661797315f8a02a1bd018a
SHA512

e4e2261e1a02f848d5569daa4edf13e6185aa47fcdce661e6c55f675bac1d9b1ab828c8bbc8d8218849509dc1cfaca0daa79596929585a568b3cff2c3fd3ceee
SSDEEP

1536:ozF8e0I06ZW0rh1QFJnba6mAzeT/ldQbFXdprhyzOYaIeAsZHzU0ofwye5l9iHdW:ne07srbkba+zeDQRyb4ZTU0of0lc9iz

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid	pid_target	Process	procid_target
2008	2060	WerFault.exe	5

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

751a964546f61ebb759a2a3fe1bb299a.exe

description	pid	Process	procid_target
PID 2060 wrote to memory of 2008	2060	751a964546f61ebb759a2a3fe1bb299a.exe	16
PID 2060 wrote to memory of 2008	2060	751a964546f61ebb759a2a3fe1bb299a.exe	16
PID 2060 wrote to memory of 2008	2060	751a964546f61ebb759a2a3fe1bb299a.exe	16
PID 2060 wrote to memory of 2008	2060	751a964546f61ebb759a2a3fe1bb299a.exe	16

C:\Users\Admin\AppData\Local\Temp\751a964546f61ebb759a2a3fe1bb299a.exe
"C:\Users\Admin\AppData\Local\Temp\751a964546f61ebb759a2a3fe1bb299a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 36
  2⤵
  - Program crash
  PID:2008

memory/2060-0-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2060-1-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download