f2df2225b522198984f1c38654f2d06f2855a0efc8c57d87f566ea21e5c68cab

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 10:46

Target

DHL119040 receipt document,pdf.exe
Size

1.3MB
MD5

0db7fbc1b1d0af0a9503401691f95e30
SHA1

e93bb010d9df4bb5df8203429d228d4748976747
SHA256

f2df2225b522198984f1c38654f2d06f2855a0efc8c57d87f566ea21e5c68cab
SHA512

b0ea31bbcbeecb6d2ee34bc8267554be6079e162656389863a099eff0f30e7e73ba5d9e69def08acda0976165bef83268156dc846e781832cf5aa008376fae70
SSDEEP

24576:4IYk0Pslg/AQH7aEv/rVvJdFIBmtvzhZKux73WTx8UgSU2dwH:4IbUB/ZvhS65WxVgSU

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2100	1856	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 2100	1856	DHL119040 receipt document,pdf.exe	31
PID 1856 wrote to memory of 2100	1856	DHL119040 receipt document,pdf.exe	31
PID 1856 wrote to memory of 2100	1856	DHL119040 receipt document,pdf.exe	31
PID 1856 wrote to memory of 2100	1856	DHL119040 receipt document,pdf.exe	31

C:\Users\Admin\AppData\Local\Temp\DHL119040 receipt document,pdf.exe
"C:\Users\Admin\AppData\Local\Temp\DHL119040 receipt document,pdf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 712
  2⤵
  - Program crash
  PID:2100

memory/1856-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1856-1-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download