e0e80f760892e1a26da2ee8f073b1f8c7c36229f13f97f8bc7cee8f43805bae9

Analysis

max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:50

Target

7502e41c6ab7dbbbdf0c781244ac5e22.exe
Size

55KB
MD5

7502e41c6ab7dbbbdf0c781244ac5e22
SHA1

797af75102cdd619301cf0919b8931eb7fed48da
SHA256

e0e80f760892e1a26da2ee8f073b1f8c7c36229f13f97f8bc7cee8f43805bae9
SHA512

8267b2a12b8bc834407e25a767af9f55963fceab688a518abda5db6274cd65b0c7a270f475f46d4ef10f786cf50efb6905de0bd931a711a768cfcba8ee2d9871
SSDEEP

768:0dkTIx9+V34C0daSpzrLbt42iL0ffIZTrN5bQnmqkzcbAZZk8vZQ/1H58fZXdnhg:0dkTMaIC0USp3LbDOUtkziAZZkqZqo

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1988 1276 WerFault.exe 7502e41c6ab7dbbbdf0c781244ac5e22.exe

pid	pid_target	process	target process
1988	1276	WerFault.exe	7502e41c6ab7dbbbdf0c781244ac5e22.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

7502e41c6ab7dbbbdf0c781244ac5e22.exe

description	pid	process	target process
PID 1276 wrote to memory of 1988	1276	7502e41c6ab7dbbbdf0c781244ac5e22.exe	WerFault.exe
PID 1276 wrote to memory of 1988	1276	7502e41c6ab7dbbbdf0c781244ac5e22.exe	WerFault.exe
PID 1276 wrote to memory of 1988	1276	7502e41c6ab7dbbbdf0c781244ac5e22.exe	WerFault.exe
PID 1276 wrote to memory of 1988	1276	7502e41c6ab7dbbbdf0c781244ac5e22.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\7502e41c6ab7dbbbdf0c781244ac5e22.exe
"C:\Users\Admin\AppData\Local\Temp\7502e41c6ab7dbbbdf0c781244ac5e22.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 140
2⤵
- Program crash
PID:1988

memory/1276-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download