4f5c33b54a841bae7acb0e8216de5120a5b068ac60cfd158eca260d1f83cf067

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
18-05-2024 08:45

Target

1408_cn_V8.3.0.0/1408_cn_8.3.0.0/DVR/webview.exe
Size

369KB
MD5

1be52c06dd3a011195f4d94b596db7cc
SHA1

5b1ef3df5d3d7476d8f641cce92a32eb5f6eceae
SHA256

c5550f8bb9b7779ab499448000ea54022cf8866fb7924abfc97d9f91bc9db010
SHA512

60fe7a59872f0b6420e2b5201b037221492cbfdefbcc64c6c9f403184e60c86ec792be9136609f8ee420b020800f3236d1f7a76f02e878f9bc2849b574a6c332
SSDEEP

6144:BZuuObR8sVImcyYC5Jk2PM1fHLEm20M3vX6B/6FZ+gsRJyl4z1RDXDEL:uV+mzIdQm20MfG/AAml4/DIL

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2012 2064 WerFault.exe webview.exe

pid	pid_target	process	target process
2012	2064	WerFault.exe	webview.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

webview.exe

description	pid	process	target process
PID 2064 wrote to memory of 2012	2064	webview.exe	WerFault.exe
PID 2064 wrote to memory of 2012	2064	webview.exe	WerFault.exe
PID 2064 wrote to memory of 2012	2064	webview.exe	WerFault.exe
PID 2064 wrote to memory of 2012	2064	webview.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\1408_cn_V8.3.0.0\1408_cn_8.3.0.0\DVR\webview.exe
"C:\Users\Admin\AppData\Local\Temp\1408_cn_V8.3.0.0\1408_cn_8.3.0.0\DVR\webview.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 180
2⤵
- Program crash
PID:2012

memory/2064-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2064-1-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download