9ec61d269900a4a377a9b118fcc502cc680baf524c6b4d2d63a98df39d811745

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 00:33

Target

8dc43ce215bada8f113f8f32f948d39f.exe
Size

360KB
MD5

8dc43ce215bada8f113f8f32f948d39f
SHA1

2c2b2af02cb642c50607d2381b79683f1244022b
SHA256

9ec61d269900a4a377a9b118fcc502cc680baf524c6b4d2d63a98df39d811745
SHA512

9586f4c8632cff2c7f07e1ccb4a06679578009528e95308940b34359d251c1420723c48e1f3b82ea1b675f35f9658592d0576a2f268e7628d157050d37c304b3
SSDEEP

3072:BBNBGSGtGSGOGOGlGln+VP/m8ClX0kUb+16H6b5p8I0yH/JN8HOWShM+L7aL7:B5bELf/Ml/cWdi5pV/JNWOVhM

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2660	3068	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2660	3068	8dc43ce215bada8f113f8f32f948d39f.exe	28
PID 3068 wrote to memory of 2660	3068	8dc43ce215bada8f113f8f32f948d39f.exe	28
PID 3068 wrote to memory of 2660	3068	8dc43ce215bada8f113f8f32f948d39f.exe	28
PID 3068 wrote to memory of 2660	3068	8dc43ce215bada8f113f8f32f948d39f.exe	28

C:\Users\Admin\AppData\Local\Temp\8dc43ce215bada8f113f8f32f948d39f.exe
"C:\Users\Admin\AppData\Local\Temp\8dc43ce215bada8f113f8f32f948d39f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 120
  2⤵
  - Program crash
  PID:2660

memory/3068-0-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download