cfe58220a60007e1cd560dc6c333a6ce3804ac8b0830b59bcdafe45f4acc74ae

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 06:31

Target

7c63b865233806317f1760604d3b0320.exe
Size

91KB
MD5

7c63b865233806317f1760604d3b0320
SHA1

cb7c5c729c1d98c6fe4744493f5c0c37c94a5f8d
SHA256

cfe58220a60007e1cd560dc6c333a6ce3804ac8b0830b59bcdafe45f4acc74ae
SHA512

8e6fc758a8bec3a79c486933ba37895029d934b1bc8e36b70f1fbe5b0c06c5386124c157e98cf1609954c31919018c5d34683ba9fbd3897e83e4d32cfb29d68c
SSDEEP

1536:KdLEO4TeqI4D/w/S8yYVDcBuuYSQMxZXB448oIO7V2TXbE59sVg0xdy7sdb:gfsewY/S8y4Qh5L58AKXbnfdywp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2168	1684	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 2168	1684	7c63b865233806317f1760604d3b0320.exe	28
PID 1684 wrote to memory of 2168	1684	7c63b865233806317f1760604d3b0320.exe	28
PID 1684 wrote to memory of 2168	1684	7c63b865233806317f1760604d3b0320.exe	28
PID 1684 wrote to memory of 2168	1684	7c63b865233806317f1760604d3b0320.exe	28

C:\Users\Admin\AppData\Local\Temp\7c63b865233806317f1760604d3b0320.exe
"C:\Users\Admin\AppData\Local\Temp\7c63b865233806317f1760604d3b0320.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 92
  2⤵
  - Program crash
  PID:2168