e6e6fc07b6d5f721a5e210ce8187ecd125110db0b0c6f707806b18ad1984cc60

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 12:11

Target

d614a4134c9db5d8c2ddd39a5ee2fd7c.exe
Size

77KB
MD5

d614a4134c9db5d8c2ddd39a5ee2fd7c
SHA1

4e17d1b427555e8c93c5a30bd0befc6613a823b1
SHA256

e6e6fc07b6d5f721a5e210ce8187ecd125110db0b0c6f707806b18ad1984cc60
SHA512

78a1ca8f948bee7fecde32190d6becaf338582b68c7607c521a27bec9bfaddc7e0b7cf4eb729d3e8c29fd0787b5593758422d960a63108151089b29789941e2b
SSDEEP

1536:LccU4CU+OgS99ZJRql8qaBvTe3NIKAMyWx/2PFDNKz5:4ThU+OXXHq8Te37A42PVs9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
392	2524	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 392	2524	d614a4134c9db5d8c2ddd39a5ee2fd7c.exe	28
PID 2524 wrote to memory of 392	2524	d614a4134c9db5d8c2ddd39a5ee2fd7c.exe	28
PID 2524 wrote to memory of 392	2524	d614a4134c9db5d8c2ddd39a5ee2fd7c.exe	28
PID 2524 wrote to memory of 392	2524	d614a4134c9db5d8c2ddd39a5ee2fd7c.exe	28

C:\Users\Admin\AppData\Local\Temp\d614a4134c9db5d8c2ddd39a5ee2fd7c.exe
"C:\Users\Admin\AppData\Local\Temp\d614a4134c9db5d8c2ddd39a5ee2fd7c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 136
  2⤵
  - Program crash
  PID:392