0adb0f037c9cddb4b0231c40000e0c1719ff27da47b97f720ab0d60d2c4c95f4

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-03-2024 04:26

Target

e0c4add6b3d0901fd409bce63e478cc7.exe
Size

111KB
MD5

e0c4add6b3d0901fd409bce63e478cc7
SHA1

af198883ba879ba8b9e65b0f0f14ec311161746a
SHA256

0adb0f037c9cddb4b0231c40000e0c1719ff27da47b97f720ab0d60d2c4c95f4
SHA512

cc9a42c3645baaee0b10a043945c2474d3cfaf2209e3ecd0357c125dc762c6cf7cb2e83da8d68ec8aa6810eb612d0fbc01b7bf58f948033883b10f65a7dd692a
SSDEEP

1536:/Y3lOIc7J6mp2JzNUfUQ+3/6C4Vxex6nWe8zW3dBgJ6mo:/GOdcmpi2fEPKh8a3v86t

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2016	640	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 640 wrote to memory of 2016	640	e0c4add6b3d0901fd409bce63e478cc7.exe	28
PID 640 wrote to memory of 2016	640	e0c4add6b3d0901fd409bce63e478cc7.exe	28
PID 640 wrote to memory of 2016	640	e0c4add6b3d0901fd409bce63e478cc7.exe	28
PID 640 wrote to memory of 2016	640	e0c4add6b3d0901fd409bce63e478cc7.exe	28

C:\Users\Admin\AppData\Local\Temp\e0c4add6b3d0901fd409bce63e478cc7.exe
"C:\Users\Admin\AppData\Local\Temp\e0c4add6b3d0901fd409bce63e478cc7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:640
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 116
  2⤵
  - Program crash
  PID:2016

memory/640-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download