525b6806238830320d9394243d91e415b4de3596d4fd0d0e11d35765e794fc57

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:32

Target

751aa524b5d3b3cbf2b5b91a0caa17e5.exe
Size

112KB
MD5

751aa524b5d3b3cbf2b5b91a0caa17e5
SHA1

19385355c4a4c203b4d21b848bfffb907c43aad1
SHA256

525b6806238830320d9394243d91e415b4de3596d4fd0d0e11d35765e794fc57
SHA512

d2236d996bcd2b9854c18677e76d0bc9269dd08b890fe543890e7d5748f8580e0f1b49e7dcfb29377011aab2438617e66da446746e92f06e3327e3e5335f218f
SSDEEP

3072:cI19G7a4g+fJDUTf95eYFe/jEWuY4aad4p4cF6FcAa+/8itia:51qal+fpmjeKOJad4p4cF2Z8E

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid	pid_target	Process	procid_target
2304	1888	WerFault.exe	8

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

751aa524b5d3b3cbf2b5b91a0caa17e5.exe

description	pid	Process	procid_target
PID 1888 wrote to memory of 2304	1888	751aa524b5d3b3cbf2b5b91a0caa17e5.exe	28
PID 1888 wrote to memory of 2304	1888	751aa524b5d3b3cbf2b5b91a0caa17e5.exe	28
PID 1888 wrote to memory of 2304	1888	751aa524b5d3b3cbf2b5b91a0caa17e5.exe	28
PID 1888 wrote to memory of 2304	1888	751aa524b5d3b3cbf2b5b91a0caa17e5.exe	28

C:\Users\Admin\AppData\Local\Temp\751aa524b5d3b3cbf2b5b91a0caa17e5.exe
"C:\Users\Admin\AppData\Local\Temp\751aa524b5d3b3cbf2b5b91a0caa17e5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 36
  2⤵
  - Program crash
  PID:2304

memory/1888-0-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download