d0a6188681516bfd78e442de4e711811616dc730e416f72754a6b231675a7a28

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 08:53

Target

98fe6c597f43b987538f214ea6da5f70.exe
Size

61KB
MD5

98fe6c597f43b987538f214ea6da5f70
SHA1

f41da751b2714c4b138c9368a3c634359de0a1b9
SHA256

d0a6188681516bfd78e442de4e711811616dc730e416f72754a6b231675a7a28
SHA512

11c23bc82cd6c67ad332497804acbd16a93d0682a9c357508ed394fbb08eb1cc0bfff5c01ba886293ad4e5feefd8e32238905887725da8a9c75729a5ac947cc2
SSDEEP

1536:KYOnfpt7k5VRoGpVgfy5hf5udbUEbIxzcFPJQkoRUBpj8RFvz:AnfpsTf5VxgFRiUT8Rh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2148	2356	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2148	2356	98fe6c597f43b987538f214ea6da5f70.exe	28
PID 2356 wrote to memory of 2148	2356	98fe6c597f43b987538f214ea6da5f70.exe	28
PID 2356 wrote to memory of 2148	2356	98fe6c597f43b987538f214ea6da5f70.exe	28
PID 2356 wrote to memory of 2148	2356	98fe6c597f43b987538f214ea6da5f70.exe	28

C:\Users\Admin\AppData\Local\Temp\98fe6c597f43b987538f214ea6da5f70.exe
"C:\Users\Admin\AppData\Local\Temp\98fe6c597f43b987538f214ea6da5f70.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 140
  2⤵
  - Program crash
  PID:2148

memory/2356-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download