331b7a17662f7dbdaf7798baf206250e42a4a8838d19f97a8394cdccc94cbc4f

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-01-2024 00:21

Target

7baabbc0caeafceb17f651bf792fd1a4.exe
Size

79KB
MD5

7baabbc0caeafceb17f651bf792fd1a4
SHA1

44057db2042e907b1cc3828110946e4fb39dfa10
SHA256

331b7a17662f7dbdaf7798baf206250e42a4a8838d19f97a8394cdccc94cbc4f
SHA512

0107a2ce302792d44f449b18e925cdc90f58baf10878b2c019725a3123866732f8e038921a1df024ea539e48c705ab36cb3289aff1ad5c4c6b52fe213386ceb9
SSDEEP

1536:j10iR+9xLMn1a2rRhTbvtwTIryG+ZoK81CHuiPKx21xh:WiR+DM1frXTbvPuGpkOiSx6

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2392	2364	WerFault.exe	5

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2392	2364	7baabbc0caeafceb17f651bf792fd1a4.exe	28
PID 2364 wrote to memory of 2392	2364	7baabbc0caeafceb17f651bf792fd1a4.exe	28
PID 2364 wrote to memory of 2392	2364	7baabbc0caeafceb17f651bf792fd1a4.exe	28
PID 2364 wrote to memory of 2392	2364	7baabbc0caeafceb17f651bf792fd1a4.exe	28

C:\Users\Admin\AppData\Local\Temp\7baabbc0caeafceb17f651bf792fd1a4.exe
"C:\Users\Admin\AppData\Local\Temp\7baabbc0caeafceb17f651bf792fd1a4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 88
  2⤵
  - Program crash
  PID:2392

memory/2364-0-0x0000000001000000-0x000000000101D000-memory.dmp

Filesize
116KB

Download