e42db0cf2c0a33184b59e36be89263ce5b19378e653c9939b57425036060edcc

Analysis

max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 05:41

Target

8e5aeb2c37b40a1474b5ebe767299245.exe
Size

45KB
MD5

8e5aeb2c37b40a1474b5ebe767299245
SHA1

2acbea3f399597b989adc18e6ebd0a6853424379
SHA256

e42db0cf2c0a33184b59e36be89263ce5b19378e653c9939b57425036060edcc
SHA512

d24e61b4134ee8a8763c7b5b751e142f2e5b3265406102784ecd96a3438ffcc8af00d0226ec1b74f388207706dcc1de55ade66a049ad6bece792e62179c1ffad
SSDEEP

768:D2hYGsTL9keBkQHlDmjbKt36u4xQ27F8Rd/VmmGe/DqTj3o2rM4MnUw/1H56:KhaphHlDYWt36uKQjpGe/DareU28

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2316	2428	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2316	2428	8e5aeb2c37b40a1474b5ebe767299245.exe	28
PID 2428 wrote to memory of 2316	2428	8e5aeb2c37b40a1474b5ebe767299245.exe	28
PID 2428 wrote to memory of 2316	2428	8e5aeb2c37b40a1474b5ebe767299245.exe	28
PID 2428 wrote to memory of 2316	2428	8e5aeb2c37b40a1474b5ebe767299245.exe	28

C:\Users\Admin\AppData\Local\Temp\8e5aeb2c37b40a1474b5ebe767299245.exe
"C:\Users\Admin\AppData\Local\Temp\8e5aeb2c37b40a1474b5ebe767299245.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 140
  2⤵
  - Program crash
  PID:2316

memory/2428-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download