5b55b4f27bcd38528b929b78d8a3dbe6f1d687dd98c78c04d41804110fd6ed5c

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-01-2024 22:47

Target

7e349723101160058b16361d1614e6b8.exe
Size

278KB
MD5

7e349723101160058b16361d1614e6b8
SHA1

4e1f6fd68f4cd9a5ac6ed117bf2bee72f46550cd
SHA256

5b55b4f27bcd38528b929b78d8a3dbe6f1d687dd98c78c04d41804110fd6ed5c
SHA512

91275149e1df8557a78f9350db50479592ef0815a8e5eea4e06b4275989b590fa4757c85b328648a1de47628c0670a31b46fb390f1bc51e0fbac2d547bf3a168
SSDEEP

6144:e9JQakvfexhvtaxyKS9OzZTfyifgEp2Xt28AdFURMz/EzYF3FvRgmV:SJQt2FogMavXtsYRMz/E8Zh5

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2488	2056	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2488	2056	7e349723101160058b16361d1614e6b8.exe	28
PID 2056 wrote to memory of 2488	2056	7e349723101160058b16361d1614e6b8.exe	28
PID 2056 wrote to memory of 2488	2056	7e349723101160058b16361d1614e6b8.exe	28
PID 2056 wrote to memory of 2488	2056	7e349723101160058b16361d1614e6b8.exe	28

C:\Users\Admin\AppData\Local\Temp\7e349723101160058b16361d1614e6b8.exe
"C:\Users\Admin\AppData\Local\Temp\7e349723101160058b16361d1614e6b8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 36
  2⤵
  - Program crash
  PID:2488

memory/2056-0-0x0000000000400000-0x0000000000551200-memory.dmp

Filesize
1.3MB

Download