428ffb404025f594f9016b7d6150804fa321c62a7fc4f20602922acf291a2837

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-02-2024 05:49

Target

8e5eff3380f93bbf5a3c35cc5c7fd37f.exe
Size

157KB
MD5

8e5eff3380f93bbf5a3c35cc5c7fd37f
SHA1

fa4dffa70d9958a22f2ae066d5ab2a219a3ae5b1
SHA256

428ffb404025f594f9016b7d6150804fa321c62a7fc4f20602922acf291a2837
SHA512

8a73328f48cbf157c0c1ed9f9a2120401361d838aed2ad16c9ad89129df911b236de703130a3bda81af89405e7af25861f5bdc4b07d59664e33620000a7e0cfb
SSDEEP

3072:nHGcnSpoy7xCtiWTd0ocSHK9jOpu021CLNNpfv1b3j/YF822ouxuCp4UxBriXv:nmjuy7xIHJJq9n1Q1v1vYJGR4IY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1272	2088	WerFault.exe	11

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 1272	2088	8e5eff3380f93bbf5a3c35cc5c7fd37f.exe	29
PID 2088 wrote to memory of 1272	2088	8e5eff3380f93bbf5a3c35cc5c7fd37f.exe	29
PID 2088 wrote to memory of 1272	2088	8e5eff3380f93bbf5a3c35cc5c7fd37f.exe	29
PID 2088 wrote to memory of 1272	2088	8e5eff3380f93bbf5a3c35cc5c7fd37f.exe	29

C:\Users\Admin\AppData\Local\Temp\8e5eff3380f93bbf5a3c35cc5c7fd37f.exe
"C:\Users\Admin\AppData\Local\Temp\8e5eff3380f93bbf5a3c35cc5c7fd37f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 532
  2⤵
  - Program crash
  PID:1272

memory/2088-0-0x0000000000FF0000-0x000000000101E000-memory.dmp

Filesize
184KB

Download
memory/2088-1-0x0000000074420000-0x0000000074B0E000-memory.dmp

Filesize
6.9MB

Download
memory/2088-2-0x0000000074420000-0x0000000074B0E000-memory.dmp

Filesize
6.9MB

Download