21d03564c5ef4ad5c15f8e1fce2b086050af8b7f9d1cf85c5c66e0edd7535a2d

Analysis

max time kernel
142s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 02:57

Target

97af4041779cebd3d2517977bd9da15a.exe
Size

342KB
MD5

97af4041779cebd3d2517977bd9da15a
SHA1

6f5e34a0263edb5253adfcaef58705a495782c4a
SHA256

21d03564c5ef4ad5c15f8e1fce2b086050af8b7f9d1cf85c5c66e0edd7535a2d
SHA512

88b18e96d6e7db2a5fa95f3744b079ebf60d009289d0459f1d9ee0859bf058ea4bc090d048eb3c1d4dc62528c29970f9ecefc61d8d958a15e85256f8de1e5bd2
SSDEEP

6144:yjRzl4TnKC5Sq1R4vp1QpPuYA3ClfQUBSTj60VlFD5RYyEcAqy:yjDxC5S1XQp/AUpUTjvVlR5O9

Score

7^/10

Loads dropped DLL 5 IoCs

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2616	2312	WerFault.exe	27

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2312	97af4041779cebd3d2517977bd9da15a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2616	2312	97af4041779cebd3d2517977bd9da15a.exe	31
PID 2312 wrote to memory of 2616	2312	97af4041779cebd3d2517977bd9da15a.exe	31
PID 2312 wrote to memory of 2616	2312	97af4041779cebd3d2517977bd9da15a.exe	31
PID 2312 wrote to memory of 2616	2312	97af4041779cebd3d2517977bd9da15a.exe	31

\Users\Admin\AppData\Local\Temp\97af4041779cebd3d2517977bd9da15a.exe

Filesize
348KB

MD5
42f86a7f92b16b7f5db94e482d6594f5

SHA1
b8d46e9c61696a3ea3ee77bf3b7b7431b4c55733

SHA256
25d840701ef3b38c131dc96ff9b4d98465fecfdafe437289e283f89aac3a2823

SHA512
872853b1ca1740f4dda516b4a0532d44bc430ef8d394f9e24e21338f8f195bd867d13bae999852780f1698ddb40d4d5c17a16a03d68bf41cc794e62cd9c59e88

Download Submit
memory/2312-2-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2312-3-0x0000000000230000-0x0000000000232000-memory.dmp

Filesize
8KB

Download