e7ddc4482487d31c54b2f437a4458fd1ae9af2c815f83c5c5a3f52b41edb40da

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22/02/2024, 04:36

Target

e7ddc4482487d31c54b2f437a4458fd1ae9af2c815f83c5c5a3f52b41edb40da.exe
Size

3.6MB
MD5

88774a64938df788b11f8d90714c9501
SHA1

6c8543d6e97f05f92007629e8e8cf6cd9f045d0c
SHA256

e7ddc4482487d31c54b2f437a4458fd1ae9af2c815f83c5c5a3f52b41edb40da
SHA512

203f91d9d6221f8fee6c58a61275b67c58bcfa6bc8c38377fd37b170604e83d8ac85c5307d05fafe66e68bdcdd4dd88c82a7c28aebe92da399e3369821e86aa6
SSDEEP

49152:TPZS+aGiOqyOR1VU+VZ9IkGI+sjeGSjS1cs5QZuTtS0rQMYOQ+q8CEDjSn6ri8jC:TPmTVNVH1jeWPWsM0r1QnyODi0Feo

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1536	2064	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 1536	2064	e7ddc4482487d31c54b2f437a4458fd1ae9af2c815f83c5c5a3f52b41edb40da.exe	28
PID 2064 wrote to memory of 1536	2064	e7ddc4482487d31c54b2f437a4458fd1ae9af2c815f83c5c5a3f52b41edb40da.exe	28
PID 2064 wrote to memory of 1536	2064	e7ddc4482487d31c54b2f437a4458fd1ae9af2c815f83c5c5a3f52b41edb40da.exe	28
PID 2064 wrote to memory of 1536	2064	e7ddc4482487d31c54b2f437a4458fd1ae9af2c815f83c5c5a3f52b41edb40da.exe	28

C:\Users\Admin\AppData\Local\Temp\e7ddc4482487d31c54b2f437a4458fd1ae9af2c815f83c5c5a3f52b41edb40da.exe
"C:\Users\Admin\AppData\Local\Temp\e7ddc4482487d31c54b2f437a4458fd1ae9af2c815f83c5c5a3f52b41edb40da.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 156
  2⤵
  - Program crash
  PID:1536

memory/2064-0-0x00000000000C0000-0x0000000000173000-memory.dmp

Filesize
716KB

Download