08f660b782f8b7f4a2f5c51998c3389a2a2f0fa3fe7f25ee0f59fb0071330526

Analysis

max time kernel
119s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-02-2024 11:22

Target

994bef190f53e5c7ff711c261533f598.exe
Size

738KB
MD5

994bef190f53e5c7ff711c261533f598
SHA1

5703b9ca0ae5e9589610a533a8ee5539e662213f
SHA256

08f660b782f8b7f4a2f5c51998c3389a2a2f0fa3fe7f25ee0f59fb0071330526
SHA512

778c4997b13747295f44a0a0c863a94e0d6593f30cf4404c3733ba462a658510412d9e57e5edcac9400ad583bc4c6baea1868bfb80d97cb2daef950f77d01c90
SSDEEP

12288:vAwSfxL/2Dc3WDLLmt0LDQewsHj7cLppsC3IrKfpugohbZZfY5NK/w56VEp:4fewsHj7clXtfp6t+5New57

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3032	2324	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 3032	2324	994bef190f53e5c7ff711c261533f598.exe	28
PID 2324 wrote to memory of 3032	2324	994bef190f53e5c7ff711c261533f598.exe	28
PID 2324 wrote to memory of 3032	2324	994bef190f53e5c7ff711c261533f598.exe	28
PID 2324 wrote to memory of 3032	2324	994bef190f53e5c7ff711c261533f598.exe	28

C:\Users\Admin\AppData\Local\Temp\994bef190f53e5c7ff711c261533f598.exe
"C:\Users\Admin\AppData\Local\Temp\994bef190f53e5c7ff711c261533f598.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 124
  2⤵
  - Program crash
  PID:3032

memory/2324-0-0x0000000000D60000-0x0000000000E4F000-memory.dmp

Filesize
956KB

Download
memory/2324-1-0x0000000000D60000-0x0000000000E4F000-memory.dmp

Filesize
956KB

Download
memory/2324-2-0x0000000000D60000-0x0000000000E4F000-memory.dmp

Filesize
956KB

Download