4e90b21f7133122b66540ce36483ed4f055983c90f4bb421e6aa1102e31c9781

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 22:30

Target

16d46aba07b80b27f378eb9ca618f160N.exe
Size

472KB
MD5

16d46aba07b80b27f378eb9ca618f160
SHA1

8ebf8fac5d598e6e26b02bb262701002beea2dc1
SHA256

4e90b21f7133122b66540ce36483ed4f055983c90f4bb421e6aa1102e31c9781
SHA512

11a68d125549e2269d318d143e3fe7e9198159022bf30e3a9db8362e6e713f7d3b7ef435008507810784624c58bd9b9b485c4b68121a19fab5164ab15028b34e
SSDEEP

3072:V8RinudiP52xx67lLdmiHDonDOBZzAp1FryHGyTuzMrS5:KkgiPA6RYPnszAp1FrkGyTuzd5

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2404	1980	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 2404	1980	16d46aba07b80b27f378eb9ca618f160N.exe	30
PID 1980 wrote to memory of 2404	1980	16d46aba07b80b27f378eb9ca618f160N.exe	30
PID 1980 wrote to memory of 2404	1980	16d46aba07b80b27f378eb9ca618f160N.exe	30
PID 1980 wrote to memory of 2404	1980	16d46aba07b80b27f378eb9ca618f160N.exe	30

C:\Users\Admin\AppData\Local\Temp\16d46aba07b80b27f378eb9ca618f160N.exe
"C:\Users\Admin\AppData\Local\Temp\16d46aba07b80b27f378eb9ca618f160N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 36
  2⤵
  - Program crash
  PID:2404

memory/1980-1-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download