4cd2afdf2d5e2e76887860db4256bbbbf282baf32e1c26372a16e524421f6b7a

Analysis

max time kernel
36s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 14:22

Target

4cd2afdf2d5e2e76887860db4256bbbbf282baf32e1c26372a16e524421f6b7a.exe
Size

214KB
MD5

737a10838ae06135457686611827b308
SHA1

7ab4c91b8697e0e9dd9440996684fc00c790f11e
SHA256

4cd2afdf2d5e2e76887860db4256bbbbf282baf32e1c26372a16e524421f6b7a
SHA512

02983121a1d95823adf303c2e9770224fd116340c7f7b2153fb25ad4a779238290b00d55c35eb8952da71bf97a32fcccceeff611551158410343b101d174e90e
SSDEEP

3072:aq+B9qP2pqR0XD3AGsKb4rAWrYpLBVha7eBBglBr0xTbogVR+Roo8z1Ic9Eo2IST:ajkRBGVb4rjY4aBBmrMb/V4RooFieK5

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
532	1452	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 532	1452	4cd2afdf2d5e2e76887860db4256bbbbf282baf32e1c26372a16e524421f6b7a.exe	26
PID 1452 wrote to memory of 532	1452	4cd2afdf2d5e2e76887860db4256bbbbf282baf32e1c26372a16e524421f6b7a.exe	26
PID 1452 wrote to memory of 532	1452	4cd2afdf2d5e2e76887860db4256bbbbf282baf32e1c26372a16e524421f6b7a.exe	26
PID 1452 wrote to memory of 532	1452	4cd2afdf2d5e2e76887860db4256bbbbf282baf32e1c26372a16e524421f6b7a.exe	26

C:\Users\Admin\AppData\Local\Temp\4cd2afdf2d5e2e76887860db4256bbbbf282baf32e1c26372a16e524421f6b7a.exe
"C:\Users\Admin\AppData\Local\Temp\4cd2afdf2d5e2e76887860db4256bbbbf282baf32e1c26372a16e524421f6b7a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 36
  2⤵
  - Program crash
  PID:532

memory/1452-55-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download