838436bcd1bbfa4cd59cc1b16a58dcc9a824ba6f83e791301014b1e04480aa95

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 12:08

Target

d61303088b2cabe68abdca758c8b32e3.exe
Size

115KB
MD5

d61303088b2cabe68abdca758c8b32e3
SHA1

5edbccf5d4f465566a1fcbff6a1884d085ba236a
SHA256

838436bcd1bbfa4cd59cc1b16a58dcc9a824ba6f83e791301014b1e04480aa95
SHA512

30c58018deecfc38a919b6d8ab7294b26552551ff4a3228f27e006a9906295da891fbc832deb16d278cbdab8b39679abe9c26ccd9cebe6b1723af1df174eaa84
SSDEEP

3072:TOeuGU4MGinYNwT1cPCC/nU+NeA5H28ndyQUTXwO:TOHVPYNs+6cU+IA5H22dmH

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2840	1404	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 2840	1404	d61303088b2cabe68abdca758c8b32e3.exe	28
PID 1404 wrote to memory of 2840	1404	d61303088b2cabe68abdca758c8b32e3.exe	28
PID 1404 wrote to memory of 2840	1404	d61303088b2cabe68abdca758c8b32e3.exe	28
PID 1404 wrote to memory of 2840	1404	d61303088b2cabe68abdca758c8b32e3.exe	28

C:\Users\Admin\AppData\Local\Temp\d61303088b2cabe68abdca758c8b32e3.exe
"C:\Users\Admin\AppData\Local\Temp\d61303088b2cabe68abdca758c8b32e3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 36
  2⤵
  - Program crash
  PID:2840

memory/1404-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/1404-1-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download