08fd0d4fe3da3e4a714d129ddee649757b5bddee7d67574e7c3b441e1cc1d435

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:19

Target

75134b548ab81fd2486c24d7a2f943fe.exe
Size

76KB
MD5

75134b548ab81fd2486c24d7a2f943fe
SHA1

7b876b31e8fec7807e8cf3cbac75b11c9196dcd1
SHA256

08fd0d4fe3da3e4a714d129ddee649757b5bddee7d67574e7c3b441e1cc1d435
SHA512

bfc5ebf577891ca074f46a778093d9789405f75a06860dfb1de06da43d7f0584a605cdd5e02cde79d8e11c0d3f30e654353258a7e28f258c9d7cb8f69229e6f0
SSDEEP

1536:NMMM7nCi2Sw3rBsxAP8iKZ3NzWvdEuUaAlmlGUOj2Q2Mt9WI56pjVrs2ryrd1vUZ:wCi2Sw3Fsxi81qEPJml0R56Hs2qo

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2316 2336 WerFault.exe 75134b548ab81fd2486c24d7a2f943fe.exe

pid	pid_target	process	target process
2316	2336	WerFault.exe	75134b548ab81fd2486c24d7a2f943fe.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

75134b548ab81fd2486c24d7a2f943fe.exe

description	pid	process	target process
PID 2336 wrote to memory of 2316	2336	75134b548ab81fd2486c24d7a2f943fe.exe	WerFault.exe
PID 2336 wrote to memory of 2316	2336	75134b548ab81fd2486c24d7a2f943fe.exe	WerFault.exe
PID 2336 wrote to memory of 2316	2336	75134b548ab81fd2486c24d7a2f943fe.exe	WerFault.exe
PID 2336 wrote to memory of 2316	2336	75134b548ab81fd2486c24d7a2f943fe.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\75134b548ab81fd2486c24d7a2f943fe.exe
"C:\Users\Admin\AppData\Local\Temp\75134b548ab81fd2486c24d7a2f943fe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 36
2⤵
- Program crash
PID:2316

memory/2336-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download