5e68651608e1fbf6596f27be77fcaea49453297f47dec66bdcaadbceeac001f5

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01-02-2024 23:39

Target

87f743127b5199aaea76bc68ac566437.exe
Size

59KB
MD5

87f743127b5199aaea76bc68ac566437
SHA1

82f77d75beca04814e61db4dd9cbfebf34b110d8
SHA256

5e68651608e1fbf6596f27be77fcaea49453297f47dec66bdcaadbceeac001f5
SHA512

3ad9a749755ea821f3f5b6d50fb38c146bd3f73a3d0f516d14b6b32d938e417959818b15b247fccb40dc482e6ab4e52b5b471ebaed8efe3b70928ffdb29bc4eb
SSDEEP

768:lQloTxdA7jgQ+BUBLKeQKtmYkzM6tT6+hs3jhcZfqLPcOKgZslHeMXKTf6apvfU:eKIBG8tmt36+hsWELPcOKll+MIJf

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2952	2884	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2952	2884	87f743127b5199aaea76bc68ac566437.exe	16
PID 2884 wrote to memory of 2952	2884	87f743127b5199aaea76bc68ac566437.exe	16
PID 2884 wrote to memory of 2952	2884	87f743127b5199aaea76bc68ac566437.exe	16
PID 2884 wrote to memory of 2952	2884	87f743127b5199aaea76bc68ac566437.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 36
1⤵
- Program crash
PID:2952

C:\Users\Admin\AppData\Local\Temp\87f743127b5199aaea76bc68ac566437.exe
"C:\Users\Admin\AppData\Local\Temp\87f743127b5199aaea76bc68ac566437.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2884

memory/2884-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download