e83da157a542751a074595ecb01ca3c858a09bfa2460dee00d7f9f416cebf62b

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 04:28

Target

c7b0623ccfce3778263645a8a5e3b632.exe
Size

422KB
MD5

c7b0623ccfce3778263645a8a5e3b632
SHA1

b93027e09462e7a81255e5cc45c15d2c50dcb1bf
SHA256

e83da157a542751a074595ecb01ca3c858a09bfa2460dee00d7f9f416cebf62b
SHA512

f72d8968506439520d7bda9331ef773b8892afc88e0232c7174dd9ee95994e6f87a40479ac8b45a535500c193a5ffe9a862e5e096ff878ba4954765c7ed686fe
SSDEEP

6144:ykB1INZdWaFzaE7mDGg7Y4+MFyBPys80G5sEOi9Ri9na5UVx3:ykBgdW/E7mDGg8xMkBp80GiZa5UVh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2216	2152	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 2216	2152	c7b0623ccfce3778263645a8a5e3b632.exe	28
PID 2152 wrote to memory of 2216	2152	c7b0623ccfce3778263645a8a5e3b632.exe	28
PID 2152 wrote to memory of 2216	2152	c7b0623ccfce3778263645a8a5e3b632.exe	28
PID 2152 wrote to memory of 2216	2152	c7b0623ccfce3778263645a8a5e3b632.exe	28

C:\Users\Admin\AppData\Local\Temp\c7b0623ccfce3778263645a8a5e3b632.exe
"C:\Users\Admin\AppData\Local\Temp\c7b0623ccfce3778263645a8a5e3b632.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 116
  2⤵
  - Program crash
  PID:2216

memory/2152-0-0x00000000010D0000-0x000000000113E000-memory.dmp

Filesize
440KB

Download