2225ec796878c02f0fda114c369152916d5ff8552925803b40bc8dda7f5f1256

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 07:14

Target

9695283952ce2d74352b4798b7593bb1.exe
Size

738KB
MD5

9695283952ce2d74352b4798b7593bb1
SHA1

07a18d8ea6b21bb2916c9bfda7b99b3b2c8b0fe4
SHA256

2225ec796878c02f0fda114c369152916d5ff8552925803b40bc8dda7f5f1256
SHA512

044a4f019c5d9da35c94fbc1b1757145645fe293ab9f743d3550a43d14264f72b33e0d547279a6682c51c22d80a6c8ee22c52b478e45a9b620dc7dfbc2664937
SSDEEP

12288:DAwSfxL/2Dc3WDLLmt0LDQewsHj7cLppsC3IrKf+ugohbZZfY5NK/w56VEp:8fewsHj7clXtf+6t+5New57

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2420	2968	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2420	2968	9695283952ce2d74352b4798b7593bb1.exe	28
PID 2968 wrote to memory of 2420	2968	9695283952ce2d74352b4798b7593bb1.exe	28
PID 2968 wrote to memory of 2420	2968	9695283952ce2d74352b4798b7593bb1.exe	28
PID 2968 wrote to memory of 2420	2968	9695283952ce2d74352b4798b7593bb1.exe	28

C:\Users\Admin\AppData\Local\Temp\9695283952ce2d74352b4798b7593bb1.exe
"C:\Users\Admin\AppData\Local\Temp\9695283952ce2d74352b4798b7593bb1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 124
  2⤵
  - Program crash
  PID:2420

memory/2968-0-0x0000000000BC0000-0x0000000000CAF000-memory.dmp

Filesize
956KB

Download
memory/2968-1-0x0000000000BC0000-0x0000000000CAF000-memory.dmp

Filesize
956KB

Download
memory/2968-2-0x0000000000BC0000-0x0000000000CAF000-memory.dmp

Filesize
956KB

Download