dabb382189567759304c09b10c4b89cbf56dec9ac8b858abe97f0263b86fdaf4

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 16:57

Target

9c3095d0eb85a6f3ac532050591c2a85.exe
Size

127KB
MD5

9c3095d0eb85a6f3ac532050591c2a85
SHA1

acaadd9e207e903921e98c15a346ca31507bc201
SHA256

dabb382189567759304c09b10c4b89cbf56dec9ac8b858abe97f0263b86fdaf4
SHA512

5c38da6d4b74d6073ddb420f019b12a4d12abd2ddc5a00e2fbe68596b17ca983e25a85239a8fd517996540269626fbd901f008b766760c870d0738229f033ced
SSDEEP

3072:DVfOZHjBPZYvJi7CIxoc8yIY1Kyl09ZdQS2XE9Lr:VOVWJi2IxoNSWhX39n

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2796	2524	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2796	2524	9c3095d0eb85a6f3ac532050591c2a85.exe	27
PID 2524 wrote to memory of 2796	2524	9c3095d0eb85a6f3ac532050591c2a85.exe	27
PID 2524 wrote to memory of 2796	2524	9c3095d0eb85a6f3ac532050591c2a85.exe	27
PID 2524 wrote to memory of 2796	2524	9c3095d0eb85a6f3ac532050591c2a85.exe	27

C:\Users\Admin\AppData\Local\Temp\9c3095d0eb85a6f3ac532050591c2a85.exe
"C:\Users\Admin\AppData\Local\Temp\9c3095d0eb85a6f3ac532050591c2a85.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 36
  2⤵
  - Program crash
  PID:2796

memory/2524-1-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2524-2-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2524-0-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2524-3-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2524-4-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download