6a4ec0d30cb4802ac679b3afadc19879bc887cda3f47a37d0a05cbad3b047793

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 18:01

Target

7803ff9946aa8282a14110bb3e6fa79a.exe
Size

1.1MB
MD5

7803ff9946aa8282a14110bb3e6fa79a
SHA1

d76a0be41c54d8004cf13f573a845ed161891529
SHA256

6a4ec0d30cb4802ac679b3afadc19879bc887cda3f47a37d0a05cbad3b047793
SHA512

fbfa9dec2c1bd8f4d0621e12f7c61430e195ee63585fab282c3807a18c78aeb74ec1ef2e2c360a2ff1545df3a00c12326b55905e3460d95d7142240624321b6d
SSDEEP

24576:uZ1vLTV/f2k4gE7zElBchr9voqtDrGFKPe03HLWUlt3VQ:u1vLZf2k4tElEr9ZtDaFKP73rWUlBy

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
752	3028	WerFault.exe	20

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 752	3028	7803ff9946aa8282a14110bb3e6fa79a.exe	28
PID 3028 wrote to memory of 752	3028	7803ff9946aa8282a14110bb3e6fa79a.exe	28
PID 3028 wrote to memory of 752	3028	7803ff9946aa8282a14110bb3e6fa79a.exe	28
PID 3028 wrote to memory of 752	3028	7803ff9946aa8282a14110bb3e6fa79a.exe	28

C:\Users\Admin\AppData\Local\Temp\7803ff9946aa8282a14110bb3e6fa79a.exe
"C:\Users\Admin\AppData\Local\Temp\7803ff9946aa8282a14110bb3e6fa79a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 136
  2⤵
  - Program crash
  PID:752

memory/3028-0-0x0000000000C10000-0x0000000000D0F000-memory.dmp

Filesize
1020KB

Download
memory/3028-1-0x0000000000C10000-0x0000000000D0F000-memory.dmp

Filesize
1020KB

Download