6441f69c1d2d0a56ce6fdd8c65b8fe26d9f1c88bb9f77b07f567fcc4978d3683

Analysis

max time kernel
140s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 20:42

Target

78575b271bad180562e4dc8df3d8e69b.exe
Size

50KB
MD5

78575b271bad180562e4dc8df3d8e69b
SHA1

aa7af53dcd73b069fd22493e98682fb38e4bb817
SHA256

6441f69c1d2d0a56ce6fdd8c65b8fe26d9f1c88bb9f77b07f567fcc4978d3683
SHA512

58a1e438d87e5a9f3e8d3f9f2b5adb81fc931af6ed1dc579f1c164381f1c30d294372b67d95019c59f01338eb4bd706bbb04841ef95a36d8ea971b8ce589ecbf
SSDEEP

768:Q2nugY9n0QsIqIU6EoBAbbR547bFV5eMZUSY2AsQN1UeVdGP1jRkVQ8oyk2:Q8pqTZqIU6ESAZ5Q82ARQ1iVQ8oz

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2508	2052	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2508	2052	78575b271bad180562e4dc8df3d8e69b.exe	28
PID 2052 wrote to memory of 2508	2052	78575b271bad180562e4dc8df3d8e69b.exe	28
PID 2052 wrote to memory of 2508	2052	78575b271bad180562e4dc8df3d8e69b.exe	28
PID 2052 wrote to memory of 2508	2052	78575b271bad180562e4dc8df3d8e69b.exe	28

C:\Users\Admin\AppData\Local\Temp\78575b271bad180562e4dc8df3d8e69b.exe
"C:\Users\Admin\AppData\Local\Temp\78575b271bad180562e4dc8df3d8e69b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 96
  2⤵
  - Program crash
  PID:2508

memory/2052-0-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2052-1-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download