5a4a4f48a330e387745166367f3a90e83841dcd4ba9dd10565d854fd35e2d175

Analysis

max time kernel
34s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 07:42

Target

WPE3.0中文版/WPE PRO 3.0.exe
Size

818KB
MD5

ccecd82bb7491af4e7c56fc909bb5f62
SHA1

963dc09f5af0ff2d2a586833697bff4ee3a3b4ef
SHA256

294562e5a7e71fbc472acb8938d9a90b9c88c2381b5b60fca79d9e8f921a0b5a
SHA512

6c94f8dcc8753c6cff7457d46d910e025ac2cc57d9f11d36e5f82ef3dee4c3ea42f3b8db0099305f03376d30a7e27f6e81c6928d0e050534134aa6cf193c5217
SSDEEP

12288:HaOmk50PA+5rIMwY663Ts1+2uGWStYAMBCUSRp3o4g13XERD0j5iArQYrRS2Qg/:HR50I+5eYJquBeUceFX8DosorRS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1704	1868	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 1704	1868	WPE PRO 3.0.exe	26
PID 1868 wrote to memory of 1704	1868	WPE PRO 3.0.exe	26
PID 1868 wrote to memory of 1704	1868	WPE PRO 3.0.exe	26
PID 1868 wrote to memory of 1704	1868	WPE PRO 3.0.exe	26

C:\Users\Admin\AppData\Local\Temp\WPE3.0中文版\WPE PRO 3.0.exe
"C:\Users\Admin\AppData\Local\Temp\WPE3.0中文版\WPE PRO 3.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 88
  2⤵
  - Program crash
  PID:1704

memory/1868-54-0x0000000000400000-0x00000000005B1000-memory.dmp

Filesize
1.7MB

Download