efff2a8c9748134d456f59556bb9ba5ffaf2ff2d122c6d68e67db19aa1098ab8

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 14:01

Target

efff2a8c9748134d456f59556bb9ba5ffaf2ff2d122c6d68e67db19aa1098ab8.exe
Size

31KB
MD5

30707c1fbc733df7722c83a1c6409ddc
SHA1

b96e5554d7e19afc54180dc39b290126c2692247
SHA256

efff2a8c9748134d456f59556bb9ba5ffaf2ff2d122c6d68e67db19aa1098ab8
SHA512

3a5ea4e5cacb467ab14d7ebcdde6c3127e5c967df62045f8b1658330539a20b0daa87d5a235158a82086b74b9fd57dc498d540b3eca50e25f1504bdd9652dcec
SSDEEP

384:Y8itbjoQSa4zAxBGZTgAxt0W3kVptJu8Nq5gQp2s+JF51TfUzALeBxvRJ4Iv/PT3:Y85k5zGZTg9Ul0qZos+VcALAvzvz3

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1528	1464	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 1528	1464	efff2a8c9748134d456f59556bb9ba5ffaf2ff2d122c6d68e67db19aa1098ab8.exe	26
PID 1464 wrote to memory of 1528	1464	efff2a8c9748134d456f59556bb9ba5ffaf2ff2d122c6d68e67db19aa1098ab8.exe	26
PID 1464 wrote to memory of 1528	1464	efff2a8c9748134d456f59556bb9ba5ffaf2ff2d122c6d68e67db19aa1098ab8.exe	26
PID 1464 wrote to memory of 1528	1464	efff2a8c9748134d456f59556bb9ba5ffaf2ff2d122c6d68e67db19aa1098ab8.exe	26

C:\Users\Admin\AppData\Local\Temp\efff2a8c9748134d456f59556bb9ba5ffaf2ff2d122c6d68e67db19aa1098ab8.exe
"C:\Users\Admin\AppData\Local\Temp\efff2a8c9748134d456f59556bb9ba5ffaf2ff2d122c6d68e67db19aa1098ab8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 96
  2⤵
  - Program crash
  PID:1528

memory/1464-55-0x0000000000260000-0x0000000000267000-memory.dmp

Filesize
28KB

Download
memory/1464-56-0x0000000000260000-0x0000000000267000-memory.dmp

Filesize
28KB

Download