576f07e7284878465c0cd81ba71cce1eec9884a072f99e23f0eb8cece247a644

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 14:42

Target

8f69b31dafda293169fed694e8d3211b.exe
Size

13KB
MD5

8f69b31dafda293169fed694e8d3211b
SHA1

ec0f897793fe22b591d6cb644ff6360bd68eed1c
SHA256

576f07e7284878465c0cd81ba71cce1eec9884a072f99e23f0eb8cece247a644
SHA512

f3d703721abfb9b7c43876ee68ab56f23449a61923ab17733d6bfeaba33cbed4004169812dd39b6d9bbde50abcf65d9849b2468bba68170724a539b9a28cbaab
SSDEEP

192:CJGc1Zl2+VAfNxl1THs6xgzgVGjPlRKL766nQAlKhFo22Xs6Z0KMURVPyN8oJwS:CJGcMJxDTHfRmKHc6jMR8oeS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2016	1620	WerFault.exe	7

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 2016	1620	8f69b31dafda293169fed694e8d3211b.exe	27
PID 1620 wrote to memory of 2016	1620	8f69b31dafda293169fed694e8d3211b.exe	27
PID 1620 wrote to memory of 2016	1620	8f69b31dafda293169fed694e8d3211b.exe	27
PID 1620 wrote to memory of 2016	1620	8f69b31dafda293169fed694e8d3211b.exe	27

C:\Users\Admin\AppData\Local\Temp\8f69b31dafda293169fed694e8d3211b.exe
"C:\Users\Admin\AppData\Local\Temp\8f69b31dafda293169fed694e8d3211b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 36
  2⤵
  - Program crash
  PID:2016