dea49689da4cea58c35fae548be0a3707b46c5e4515e941ff823247d70b950ac

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 19:07

Target

75489cd3fe858a8bd806f8d0f9e9b565.exe
Size

31KB
MD5

75489cd3fe858a8bd806f8d0f9e9b565
SHA1

3dbbe9a627f1e95cbc0a8855bda51ee89ecac9af
SHA256

dea49689da4cea58c35fae548be0a3707b46c5e4515e941ff823247d70b950ac
SHA512

b8c98e005b75bd0d70c0872188deff03417d3593f49b255cf3530d5c7422140fcaf81cc0f7d9c1920e8cc130a7bfb763246583388e11d5abd529087298979e46
SSDEEP

768:Zz6vkq9fKy4Q4UhEPgopogC7Hbga1QiidR0nt/p+ClryRVXry0e:UkqgzQ4uEoomgobgiQiaROJp+lRPe

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3004	2928	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 3004	2928	75489cd3fe858a8bd806f8d0f9e9b565.exe	28
PID 2928 wrote to memory of 3004	2928	75489cd3fe858a8bd806f8d0f9e9b565.exe	28
PID 2928 wrote to memory of 3004	2928	75489cd3fe858a8bd806f8d0f9e9b565.exe	28
PID 2928 wrote to memory of 3004	2928	75489cd3fe858a8bd806f8d0f9e9b565.exe	28

C:\Users\Admin\AppData\Local\Temp\75489cd3fe858a8bd806f8d0f9e9b565.exe
"C:\Users\Admin\AppData\Local\Temp\75489cd3fe858a8bd806f8d0f9e9b565.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 88
  2⤵
  - Program crash
  PID:3004

memory/2928-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download