e7b55adefa7de78442ddde7e5bcf4b51e3034ef587ddc6590bf3fc0f69e9e3b6

Analysis

max time kernel
121s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/03/2024, 02:20

Target

e0894e8feb34eabcf1c5e6dea598f84d.exe
Size

64KB
MD5

e0894e8feb34eabcf1c5e6dea598f84d
SHA1

524bcd57d8f606b1a825b06aef4ec97368436a7a
SHA256

e7b55adefa7de78442ddde7e5bcf4b51e3034ef587ddc6590bf3fc0f69e9e3b6
SHA512

b705946ca2fc0c6ba2ecb999da1e7dff7cab45273332bc58bae0a0ecd35683a5571760b875c01809f38e0552843a4ee38adcf54f2dc7a83f0658d3073bbc799e
SSDEEP

1536:3bqzP/jTGrq0lwWEOQAAPZpiHxgFHap1qkmCZxdh4D/sU+B:rmzTG+LwQAyXHabqkbZ3h4Ds

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2908	2912	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2908	2912	e0894e8feb34eabcf1c5e6dea598f84d.exe	28
PID 2912 wrote to memory of 2908	2912	e0894e8feb34eabcf1c5e6dea598f84d.exe	28
PID 2912 wrote to memory of 2908	2912	e0894e8feb34eabcf1c5e6dea598f84d.exe	28
PID 2912 wrote to memory of 2908	2912	e0894e8feb34eabcf1c5e6dea598f84d.exe	28

C:\Users\Admin\AppData\Local\Temp\e0894e8feb34eabcf1c5e6dea598f84d.exe
"C:\Users\Admin\AppData\Local\Temp\e0894e8feb34eabcf1c5e6dea598f84d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 36
  2⤵
  - Program crash
  PID:2908

memory/2912-0-0x0000000000F70000-0x0000000000F98000-memory.dmp

Filesize
160KB

Download