d3ee6742e631169cd4b3dd566165da2ea0c26ff9241d55005a5cbc5b7f076da5

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 00:34

Target

d3ee6742e631169cd4b3dd566165da2ea0c26ff9241d55005a5cbc5b7f076da5.exe
Size

264KB
MD5

4b4ae52c7ac242dc691701782f2b8a68
SHA1

4b8549c03b6bdd3528355151ca9e152ddf697373
SHA256

d3ee6742e631169cd4b3dd566165da2ea0c26ff9241d55005a5cbc5b7f076da5
SHA512

c10ff0e8ed9f2c99912055989c32feb2bf72dd8fac23984aa9c76b2b123b9dde104dcadec4373b6f561dd16d892db2e4cf641b9ebd487616d365111f3e0a6400
SSDEEP

6144:XqrwB929GoO2pui6yYPaIGckXBVbHmtswcoEe0g8IkQs4UAcoEwMY0g8IkQs4UAK:XqrwAGo9pV6yYPoBVgsPpV6yYPo

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2016	840	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 2016	840	d3ee6742e631169cd4b3dd566165da2ea0c26ff9241d55005a5cbc5b7f076da5.exe	28
PID 840 wrote to memory of 2016	840	d3ee6742e631169cd4b3dd566165da2ea0c26ff9241d55005a5cbc5b7f076da5.exe	28
PID 840 wrote to memory of 2016	840	d3ee6742e631169cd4b3dd566165da2ea0c26ff9241d55005a5cbc5b7f076da5.exe	28
PID 840 wrote to memory of 2016	840	d3ee6742e631169cd4b3dd566165da2ea0c26ff9241d55005a5cbc5b7f076da5.exe	28

C:\Users\Admin\AppData\Local\Temp\d3ee6742e631169cd4b3dd566165da2ea0c26ff9241d55005a5cbc5b7f076da5.exe
"C:\Users\Admin\AppData\Local\Temp\d3ee6742e631169cd4b3dd566165da2ea0c26ff9241d55005a5cbc5b7f076da5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 140
  2⤵
  - Program crash
  PID:2016

memory/840-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/840-1-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download