dedd06be8ce7121365fea7a14b45347fe91a30fa4f5b3e57490534e309c40d92

Analysis

max time kernel
118s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 13:27

Target

9bcb79a3374e99bb6358e465afca3969.exe
Size

9KB
MD5

9bcb79a3374e99bb6358e465afca3969
SHA1

dcefe04ac013c5e07feef5705c3c1933e53e6368
SHA256

dedd06be8ce7121365fea7a14b45347fe91a30fa4f5b3e57490534e309c40d92
SHA512

633037f732ac4e41662a077769e7728cea471a6068e5e2a76f0baca6fa458fc5aad64878ea57c69a81393625f285c6332aa6312bf691a3d8802192e05588d4f9
SSDEEP

192:QO7YeGX14y/lMM3ghsy/1wSVotPsWLxnCKuojpbMPs:Ds/4y/lj2/1RoxsGxUojpbM0

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2980	2664	WerFault.exe	21

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2980	2664	9bcb79a3374e99bb6358e465afca3969.exe	28
PID 2664 wrote to memory of 2980	2664	9bcb79a3374e99bb6358e465afca3969.exe	28
PID 2664 wrote to memory of 2980	2664	9bcb79a3374e99bb6358e465afca3969.exe	28
PID 2664 wrote to memory of 2980	2664	9bcb79a3374e99bb6358e465afca3969.exe	28

C:\Users\Admin\AppData\Local\Temp\9bcb79a3374e99bb6358e465afca3969.exe
"C:\Users\Admin\AppData\Local\Temp\9bcb79a3374e99bb6358e465afca3969.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 44
  2⤵
  - Program crash
  PID:2980