f3a88c1e556fb89d197b6194a4de2ec5d40db7bc223500986a2fc1f8d20bdb20

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 10:01

Target

17213832079364cd2c31e3686462a723b083c0bc88a686be4059a52ced08bd28c1de0efeb0287.dat-decoded.exe
Size

279KB
MD5

ad8d3fb400719653dbac56ea27cb9af3
SHA1

a19201242ddcc57794ea0f9e182a3479dadecdd8
SHA256

f3a88c1e556fb89d197b6194a4de2ec5d40db7bc223500986a2fc1f8d20bdb20
SHA512

af3dad026e139fdcc8c58832103331e12e6935a22829a91b258e658b678242353102222fa303d67e18f86eece6b3636f464822949030aa15b3023fe3e84ca693
SSDEEP

6144:CXBPR+pJZxdohaErFNoFrP09ogyH7aPC1XEaZAAni:CRPROZdoUqFeFr09ogT3aZ/ni

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2684	2084	WerFault.exe	29

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2084	17213832079364cd2c31e3686462a723b083c0bc88a686be4059a52ced08bd28c1de0efeb0287.dat-decoded.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2684	2084	17213832079364cd2c31e3686462a723b083c0bc88a686be4059a52ced08bd28c1de0efeb0287.dat-decoded.exe	31
PID 2084 wrote to memory of 2684	2084	17213832079364cd2c31e3686462a723b083c0bc88a686be4059a52ced08bd28c1de0efeb0287.dat-decoded.exe	31
PID 2084 wrote to memory of 2684	2084	17213832079364cd2c31e3686462a723b083c0bc88a686be4059a52ced08bd28c1de0efeb0287.dat-decoded.exe	31
PID 2084 wrote to memory of 2684	2084	17213832079364cd2c31e3686462a723b083c0bc88a686be4059a52ced08bd28c1de0efeb0287.dat-decoded.exe	31

C:\Users\Admin\AppData\Local\Temp\17213832079364cd2c31e3686462a723b083c0bc88a686be4059a52ced08bd28c1de0efeb0287.dat-decoded.exe
"C:\Users\Admin\AppData\Local\Temp\17213832079364cd2c31e3686462a723b083c0bc88a686be4059a52ced08bd28c1de0efeb0287.dat-decoded.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 36
  2⤵
  - Program crash
  PID:2684

memory/2084-0-0x0000000001241000-0x0000000001244000-memory.dmp

Filesize
12KB

Download
memory/2084-1-0x0000000001240000-0x0000000001286000-memory.dmp

Filesize
280KB

Download
memory/2084-2-0x0000000001240000-0x0000000001286000-memory.dmp

Filesize
280KB

Download
memory/2084-3-0x0000000001241000-0x0000000001244000-memory.dmp

Filesize
12KB

Download
memory/2084-4-0x0000000001240000-0x0000000001286000-memory.dmp

Filesize
280KB

Download