006747f50512be3d7207f514e80c6f20e70896c947175b69d2d9b1e4bd0b1eb2

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/03/2024, 13:33

Target

d3a40960a488ba91940dab7d24b4186d.exe
Size

76KB
MD5

d3a40960a488ba91940dab7d24b4186d
SHA1

03a4146e83c73522f4cd3455ecd33586bcf09b7e
SHA256

006747f50512be3d7207f514e80c6f20e70896c947175b69d2d9b1e4bd0b1eb2
SHA512

42980a2882f6724646f280aed21bd74e236d9de2af4ac65c52ef2f54494321593dd70ff6406ec5a3d9e106ae7d944db0506a3af109830aef43047c3599155108
SSDEEP

1536:OOVGc+Q9IhvTP91NsmSemA/Ub3pcFJx01kmUP51i1oZZBPGRIeSTwQqoN+WY03M4:AGc+BVwDTjc/Phumw+arpNaxC6bmHs2N

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2336	2236	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2336	2236	d3a40960a488ba91940dab7d24b4186d.exe	28
PID 2236 wrote to memory of 2336	2236	d3a40960a488ba91940dab7d24b4186d.exe	28
PID 2236 wrote to memory of 2336	2236	d3a40960a488ba91940dab7d24b4186d.exe	28
PID 2236 wrote to memory of 2336	2236	d3a40960a488ba91940dab7d24b4186d.exe	28

C:\Users\Admin\AppData\Local\Temp\d3a40960a488ba91940dab7d24b4186d.exe
"C:\Users\Admin\AppData\Local\Temp\d3a40960a488ba91940dab7d24b4186d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 36
  2⤵
  - Program crash
  PID:2336

memory/2236-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download