eb92bfd0383b2cf51bb2a7ee650f425330ed72cdd0dd64350841e2c79c7c1c92

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
18-03-2024 19:07

Target

d44989e3d29bcd3915094293f7f2918b.exe
Size

128KB
MD5

d44989e3d29bcd3915094293f7f2918b
SHA1

dd1471c094cfac78ae5b79444845c5800e288048
SHA256

eb92bfd0383b2cf51bb2a7ee650f425330ed72cdd0dd64350841e2c79c7c1c92
SHA512

02be21253c7f5dde1d8178fbcc2e05d20a39b711344b90abae1a7d833ad2eb7eb2adee938be3337d52ca7db960e0ef095c4665d0a60c932f6cade862581c0de3
SSDEEP

3072:3+47C+uGNvVkSoQMkMD5nryqdaeZTJkQB83YNKmslUmJTdo+un:u47C+uGbJoQMkM1yq5ZiQB83i6UmU+un

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1940	1660	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 1940	1660	d44989e3d29bcd3915094293f7f2918b.exe	28
PID 1660 wrote to memory of 1940	1660	d44989e3d29bcd3915094293f7f2918b.exe	28
PID 1660 wrote to memory of 1940	1660	d44989e3d29bcd3915094293f7f2918b.exe	28
PID 1660 wrote to memory of 1940	1660	d44989e3d29bcd3915094293f7f2918b.exe	28

C:\Users\Admin\AppData\Local\Temp\d44989e3d29bcd3915094293f7f2918b.exe
"C:\Users\Admin\AppData\Local\Temp\d44989e3d29bcd3915094293f7f2918b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 36
  2⤵
  - Program crash
  PID:1940

memory/1660-0-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/1660-1-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download