d745fd489d8ad2219808a2fa09b071094943174f55ea3761f69552f7a2a4aca3

Analysis

max time kernel
119s
max time network
131s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-03-2024 12:15

Target

ce09874fcd84766a651b16614a78d900.exe
Size

148KB
MD5

ce09874fcd84766a651b16614a78d900
SHA1

7dc6192ffcdd8ba888278cbd394bd690a7d5256e
SHA256

d745fd489d8ad2219808a2fa09b071094943174f55ea3761f69552f7a2a4aca3
SHA512

40d25fccfe88e5ea7fd27a5f5e8285e1595e58eed09c74070cbc637d53c812820291ca744143e5cd8fb4fd2d78f34af0a47ca65d73ff5c4da454e1589f767b53
SSDEEP

3072:sONQKPWDy0ReiJltZrpRcSRksRGRxlPkGJO5KZlGdVUOipWunIygQISyABj8oNmZ:nNSDy0Rzthp/VoPvM8jMritTyA+ow4C

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1756	2220	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 1756	2220	ce09874fcd84766a651b16614a78d900.exe	28
PID 2220 wrote to memory of 1756	2220	ce09874fcd84766a651b16614a78d900.exe	28
PID 2220 wrote to memory of 1756	2220	ce09874fcd84766a651b16614a78d900.exe	28
PID 2220 wrote to memory of 1756	2220	ce09874fcd84766a651b16614a78d900.exe	28

C:\Users\Admin\AppData\Local\Temp\ce09874fcd84766a651b16614a78d900.exe
"C:\Users\Admin\AppData\Local\Temp\ce09874fcd84766a651b16614a78d900.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 160
  2⤵
  - Program crash
  PID:1756

memory/2220-0-0x0000000001000000-0x0000000001028000-memory.dmp

Filesize
160KB

Download