adb58ef63f3c07098dc3642412762a4ac43fc9396c2513f54a1b5fff21e7d8ec

Analysis

max time kernel
122s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/03/2024, 04:43

Target

cd22ba91f8d799a44da7954145107f64.exe
Size

125KB
MD5

cd22ba91f8d799a44da7954145107f64
SHA1

26674a4f1c042655a83afe32e63b55550a5e9f47
SHA256

adb58ef63f3c07098dc3642412762a4ac43fc9396c2513f54a1b5fff21e7d8ec
SHA512

497e0f9793cb634075e0eab0d9d0371a9780bc267df740c86c62f93370b52993b820261b81a650240b875b2bb176e5bc78b39daa9d3d66b60aebc7772d7d1749
SSDEEP

3072:bcc+6F1dOf8nM/XfpT6DjGBqG+mmRRa5ujfGjPpJcF1dJ:wf6b80ngXxs0ZmR45ujipybL

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2956	1912	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 2956	1912	cd22ba91f8d799a44da7954145107f64.exe	28
PID 1912 wrote to memory of 2956	1912	cd22ba91f8d799a44da7954145107f64.exe	28
PID 1912 wrote to memory of 2956	1912	cd22ba91f8d799a44da7954145107f64.exe	28
PID 1912 wrote to memory of 2956	1912	cd22ba91f8d799a44da7954145107f64.exe	28

C:\Users\Admin\AppData\Local\Temp\cd22ba91f8d799a44da7954145107f64.exe
"C:\Users\Admin\AppData\Local\Temp\cd22ba91f8d799a44da7954145107f64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 36
  2⤵
  - Program crash
  PID:2956

memory/1912-0-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/1912-1-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download