d4638b038f414dc0521e5bef3e10aef1dbda2fe5af98581d95c0695cec4b6977

Analysis

max time kernel
145s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-02-2024 23:18

Target

87ed729d5de079f3eb22a6795bf332c2.exe
Size

59KB
MD5

87ed729d5de079f3eb22a6795bf332c2
SHA1

e8b620b9379668d86155f71f18c9c864449f7a4b
SHA256

d4638b038f414dc0521e5bef3e10aef1dbda2fe5af98581d95c0695cec4b6977
SHA512

6b520340bf9239a88f01d78cfd4818e31859490ff64603cbae9d2334736d7a1e7f8e1a76d575e9e1fabaa559a3286e09dc5523678c8fcc344cfd2025c0855df4
SSDEEP

768:3pBylYztIbJbny/kRxzi6WH8jALDiX6T4M+T+hZAA/hTotd1y5:3byVI/kzRWcEvi7MwApTEM

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1664	456	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 1664	456	87ed729d5de079f3eb22a6795bf332c2.exe	28
PID 456 wrote to memory of 1664	456	87ed729d5de079f3eb22a6795bf332c2.exe	28
PID 456 wrote to memory of 1664	456	87ed729d5de079f3eb22a6795bf332c2.exe	28
PID 456 wrote to memory of 1664	456	87ed729d5de079f3eb22a6795bf332c2.exe	28

C:\Users\Admin\AppData\Local\Temp\87ed729d5de079f3eb22a6795bf332c2.exe
"C:\Users\Admin\AppData\Local\Temp\87ed729d5de079f3eb22a6795bf332c2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:456
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 456 -s 36
  2⤵
  - Program crash
  PID:1664

memory/456-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download