613bbf6d4d8b2550d91143f386fc29df1e792d7c4b3a66a4f6f755832c112313

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02/02/2024, 17:01

Target

8a0d513ebcf458cf5f1f5894275ac654.exe
Size

224KB
MD5

8a0d513ebcf458cf5f1f5894275ac654
SHA1

e602fb251375f697baf7a8530aeec3f53ad0f989
SHA256

613bbf6d4d8b2550d91143f386fc29df1e792d7c4b3a66a4f6f755832c112313
SHA512

72bea1934ae71955aa459024ec11b7ff6acce5f6341900c5835d8afa6d8d71d2efe08b03e1754fdbe73f99ea92f4f461bd9f354ad50cb3b3a94bf3c848850992
SSDEEP

384:UAWByYKKRJmfZ490acASePodP0w4fNgG6zLvHQJdkBPFDemj9/f8Cok2gHLmyMof:pasYKfWgGSwurth2grpMos0n

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2144	1996	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2144	1996	8a0d513ebcf458cf5f1f5894275ac654.exe	28
PID 1996 wrote to memory of 2144	1996	8a0d513ebcf458cf5f1f5894275ac654.exe	28
PID 1996 wrote to memory of 2144	1996	8a0d513ebcf458cf5f1f5894275ac654.exe	28
PID 1996 wrote to memory of 2144	1996	8a0d513ebcf458cf5f1f5894275ac654.exe	28

C:\Users\Admin\AppData\Local\Temp\8a0d513ebcf458cf5f1f5894275ac654.exe
"C:\Users\Admin\AppData\Local\Temp\8a0d513ebcf458cf5f1f5894275ac654.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 148
  2⤵
  - Program crash
  PID:2144

memory/1996-0-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download