c645668fe196679b7fcbf14ef05e3bb5a18f3f6b50a2f7814a454c732d0801f1

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 14:45

Target

bededb6ce1e4a39deb3859ef3ff6f400.exe
Size

165KB
MD5

bededb6ce1e4a39deb3859ef3ff6f400
SHA1

8aa646da9b92ac849fbab737015ae864ef7cb7b0
SHA256

c645668fe196679b7fcbf14ef05e3bb5a18f3f6b50a2f7814a454c732d0801f1
SHA512

2ce2dbaaf5cf1c25668dd4fa0ea80b2aeff59c10f7011bc45771b36b1c99eccabfc2dd18c4af46638a00c561a6197aafd9cb08e4d525567ff96419e64c80e1da
SSDEEP

3072:kgO0Uq+4zf5bNWcbGnM8J3XtitrOm9da+VOugv7GYLOeGW/X:kxiDD5bNAnMyXwJOud/VjkSMSA

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2376	1044	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 2376	1044	bededb6ce1e4a39deb3859ef3ff6f400.exe	28
PID 1044 wrote to memory of 2376	1044	bededb6ce1e4a39deb3859ef3ff6f400.exe	28
PID 1044 wrote to memory of 2376	1044	bededb6ce1e4a39deb3859ef3ff6f400.exe	28
PID 1044 wrote to memory of 2376	1044	bededb6ce1e4a39deb3859ef3ff6f400.exe	28

C:\Users\Admin\AppData\Local\Temp\bededb6ce1e4a39deb3859ef3ff6f400.exe
"C:\Users\Admin\AppData\Local\Temp\bededb6ce1e4a39deb3859ef3ff6f400.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 132
  2⤵
  - Program crash
  PID:2376

memory/1044-0-0x0000000001000000-0x000000000102D000-memory.dmp

Filesize
180KB

Download
memory/1044-1-0x0000000001000000-0x000000000102D000-memory.dmp

Filesize
180KB

Download