ea9ed24b17972534d2ca841d9a5da7b90837ed7f05c663b1be5662a0e7cba2aa

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-01-2024 11:53

Target

7d0c3a6ecbe004297d6f35de8d943008.exe
Size

76KB
MD5

7d0c3a6ecbe004297d6f35de8d943008
SHA1

f178e3745e76e66046e9134c7b62525597835d75
SHA256

ea9ed24b17972534d2ca841d9a5da7b90837ed7f05c663b1be5662a0e7cba2aa
SHA512

82ebcf1be36c65319c280ae19dd8f6d7162e0cff587ffa1e4e7f7291458461e694a322981f917076a5cf0e2e97cf6bdc33f042fbc82362ac840b2d617bf0a5ea
SSDEEP

1536:6/ePyXHZ7DA4BfBrmTiXvvvUgbFNCuACP1DIgN:AeSHZ7DTBfBrB/UgbFNCuAq2C

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3044	3000	WerFault.exe	12

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 3044	3000	7d0c3a6ecbe004297d6f35de8d943008.exe	28
PID 3000 wrote to memory of 3044	3000	7d0c3a6ecbe004297d6f35de8d943008.exe	28
PID 3000 wrote to memory of 3044	3000	7d0c3a6ecbe004297d6f35de8d943008.exe	28
PID 3000 wrote to memory of 3044	3000	7d0c3a6ecbe004297d6f35de8d943008.exe	28

C:\Users\Admin\AppData\Local\Temp\7d0c3a6ecbe004297d6f35de8d943008.exe
"C:\Users\Admin\AppData\Local\Temp\7d0c3a6ecbe004297d6f35de8d943008.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 108
  2⤵
  - Program crash
  PID:3044

memory/3000-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/3000-1-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download