64d1024fa8cb2fe370f11fe888bfccbbd6af6d0554ba618a68c6bd201de4a649

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 22:29

Target

e03fcdf8d21caddcb4ab16eabdc8021c.exe
Size

204KB
MD5

e03fcdf8d21caddcb4ab16eabdc8021c
SHA1

df1571188334b47f75ec0766f59d08552663b511
SHA256

64d1024fa8cb2fe370f11fe888bfccbbd6af6d0554ba618a68c6bd201de4a649
SHA512

7b380584453b2b53b836bdd4632cb879d53b703a219ec4c97273caac19db5b6f9c7b00d3384e891d3a85d5f60a018eb2460f8bfbf0475348c23c83803dcaf4ea
SSDEEP

1536:febJpLgCcnicxGlt4QYLU9KD02BBAbKwaPoYkwAZdt:fePgCctxGv4QcU9KQ2BBA2waPxyt

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1952	2476	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 1952	2476	e03fcdf8d21caddcb4ab16eabdc8021c.exe	28
PID 2476 wrote to memory of 1952	2476	e03fcdf8d21caddcb4ab16eabdc8021c.exe	28
PID 2476 wrote to memory of 1952	2476	e03fcdf8d21caddcb4ab16eabdc8021c.exe	28
PID 2476 wrote to memory of 1952	2476	e03fcdf8d21caddcb4ab16eabdc8021c.exe	28

C:\Users\Admin\AppData\Local\Temp\e03fcdf8d21caddcb4ab16eabdc8021c.exe
"C:\Users\Admin\AppData\Local\Temp\e03fcdf8d21caddcb4ab16eabdc8021c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 36
  2⤵
  - Program crash
  PID:1952

memory/2476-0-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download