7963b586919f3f0b667a7b8ed847f579e000baf7a398dc95e61175b33dee08f4

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 09:29

Target

76fdbd409c9d0399939312f348c2b952.exe
Size

17KB
MD5

76fdbd409c9d0399939312f348c2b952
SHA1

731d3b5a32eb01dbd7dcfdcbec7eae91cb73bbf9
SHA256

7963b586919f3f0b667a7b8ed847f579e000baf7a398dc95e61175b33dee08f4
SHA512

83044a0d9f9e858317f32144404e60662756f0329c667bd746f19fbec93aef9636bb240c5af059f8ac4e6acef8003a0f30837b505afe39d554b7e185c6c7b5c8
SSDEEP

48:62fAawx9GkxbOKM7UAxWFiyQvLoJoNqmr5OKSp23qM41UEEmWjVU80:K7NOKM7TxDyMLoJo1r+I6M41UEEmWBx

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2928	2508	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2928	2508	76fdbd409c9d0399939312f348c2b952.exe	4
PID 2508 wrote to memory of 2928	2508	76fdbd409c9d0399939312f348c2b952.exe	4
PID 2508 wrote to memory of 2928	2508	76fdbd409c9d0399939312f348c2b952.exe	4
PID 2508 wrote to memory of 2928	2508	76fdbd409c9d0399939312f348c2b952.exe	4

C:\Users\Admin\AppData\Local\Temp\76fdbd409c9d0399939312f348c2b952.exe
"C:\Users\Admin\AppData\Local\Temp\76fdbd409c9d0399939312f348c2b952.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 36
  2⤵
  - Program crash
  PID:2928