ca0260f3a3a71e1adf5340b7241b03071658132e7fc21ee08238bcc075eeb8b6

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-03-2024 12:46

Target

de0c3bdd27ec00cd7eacea572f9d3306.exe
Size

112KB
MD5

de0c3bdd27ec00cd7eacea572f9d3306
SHA1

7f4e83e650ee881c6ffe0f37f38c24eb062e4f40
SHA256

ca0260f3a3a71e1adf5340b7241b03071658132e7fc21ee08238bcc075eeb8b6
SHA512

15b9cbf4ff29a83e0e37018a6bf2ddb284de6f5da87799d399dc285fffdb6c471d0b1cacbb38120f46964cfb6a8238954d8b77502953a6825d9789cd67612954
SSDEEP

3072:ZBkhuhlIvEi47lUuuVLmczOcbN7AzbCoV5OGBYdzE0:ZBkMhyEliNmcd0SoVwGcg0

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2104	1708	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2104	1708	de0c3bdd27ec00cd7eacea572f9d3306.exe	28
PID 1708 wrote to memory of 2104	1708	de0c3bdd27ec00cd7eacea572f9d3306.exe	28
PID 1708 wrote to memory of 2104	1708	de0c3bdd27ec00cd7eacea572f9d3306.exe	28
PID 1708 wrote to memory of 2104	1708	de0c3bdd27ec00cd7eacea572f9d3306.exe	28

C:\Users\Admin\AppData\Local\Temp\de0c3bdd27ec00cd7eacea572f9d3306.exe
"C:\Users\Admin\AppData\Local\Temp\de0c3bdd27ec00cd7eacea572f9d3306.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 36
  2⤵
  - Program crash
  PID:2104

memory/1708-0-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/1708-1-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download