10e3fb344738b40ce4645839595f8b33694e1e94ccc8bee4ca37cf95df633256

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 08:53

Target

8ebaf6d1f832270fcbafb6b166875345.exe
Size

116KB
MD5

8ebaf6d1f832270fcbafb6b166875345
SHA1

ed23f154642c22a69744b17e2b92a9375d83866f
SHA256

10e3fb344738b40ce4645839595f8b33694e1e94ccc8bee4ca37cf95df633256
SHA512

120e8fbd767f285defd9d22b77c8b14bbe98b1217a9fbbc6a81a53f566c93a07f6a8dfa0b083b81bb7848c9497d2a45b04b60b55edbb3c53333c2590be52bfca
SSDEEP

1536:AYFLifZPRHOCqPtH3Vd3DgFIBtEHetBpytvs5B6/VQZHywPmbZfKB36Qt+P4GNuU:AOmRAxketEHlkf6/VQ7N6QtXGNz3N

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2004	1648	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 2004	1648	8ebaf6d1f832270fcbafb6b166875345.exe	28
PID 1648 wrote to memory of 2004	1648	8ebaf6d1f832270fcbafb6b166875345.exe	28
PID 1648 wrote to memory of 2004	1648	8ebaf6d1f832270fcbafb6b166875345.exe	28
PID 1648 wrote to memory of 2004	1648	8ebaf6d1f832270fcbafb6b166875345.exe	28

C:\Users\Admin\AppData\Local\Temp\8ebaf6d1f832270fcbafb6b166875345.exe
"C:\Users\Admin\AppData\Local\Temp\8ebaf6d1f832270fcbafb6b166875345.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 36
  2⤵
  - Program crash
  PID:2004

memory/1648-0-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1648-1-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download