7f21defca8216c0bc9cf3851819a9b59dbcb2028fb4801ace6abd9710bc793a3

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 13:01

Target

7f21defca8216c0bc9cf3851819a9b59dbcb2028fb4801ace6abd9710bc793a3.exe
Size

97KB
MD5

da1f8cb483a770bbad5fc3620ace938c
SHA1

771d3ad0eb0bfb5e070cf1db932eef1d21ab30f1
SHA256

7f21defca8216c0bc9cf3851819a9b59dbcb2028fb4801ace6abd9710bc793a3
SHA512

8ab93ba5b4ac1c1d761cc8f0c1bed9e78c42d90ea71fde58bef9d1e89c58a866451bc64f1444eef5728a0f299fb8823a852ad90af290e6c84cee8d02765ac22f
SSDEEP

1536:vzZZpp48Z70lo+4EMMyO3OexOSEowTwBjzvcmJoxDWqfqNII2Ca2Z:rZslI/HUOjSiToj7CEqfqg2Z

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1772	1584	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 1772	1584	7f21defca8216c0bc9cf3851819a9b59dbcb2028fb4801ace6abd9710bc793a3.exe	26
PID 1584 wrote to memory of 1772	1584	7f21defca8216c0bc9cf3851819a9b59dbcb2028fb4801ace6abd9710bc793a3.exe	26
PID 1584 wrote to memory of 1772	1584	7f21defca8216c0bc9cf3851819a9b59dbcb2028fb4801ace6abd9710bc793a3.exe	26
PID 1584 wrote to memory of 1772	1584	7f21defca8216c0bc9cf3851819a9b59dbcb2028fb4801ace6abd9710bc793a3.exe	26

C:\Users\Admin\AppData\Local\Temp\7f21defca8216c0bc9cf3851819a9b59dbcb2028fb4801ace6abd9710bc793a3.exe
"C:\Users\Admin\AppData\Local\Temp\7f21defca8216c0bc9cf3851819a9b59dbcb2028fb4801ace6abd9710bc793a3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 168
  2⤵
  - Program crash
  PID:1772

memory/1584-54-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

Filesize
8KB

Download
memory/1584-56-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download