a17e62b0a0e6d09e9495d57edc8c18ea12430592d595f9efc396e8e4e1f3400c

Analysis

max time kernel
11s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 16:06

Target

a17e62b0a0e6d09e9495d57edc8c18ea12430592d595f9efc396e8e4e1f3400c.exe
Size

212KB
MD5

03db3ca51e0e73147f7fb4baa38ad86b
SHA1

b3a45293b02d726686be3241d935515c4141a232
SHA256

a17e62b0a0e6d09e9495d57edc8c18ea12430592d595f9efc396e8e4e1f3400c
SHA512

b0ff4123d4a4a4ca3834a62c337412a8b76058f3c95df416abc8a95a439e27cc2bef4902ed52f695211b40ae7323972ffe10579166432daef71380747526fb8b
SSDEEP

3072:l1ikGfwMOE9Xq7iXrgBjt/RxAVC1+q4i83av4fHvrF+gBJo1WBBI0wA+VLD:lAkGfwM1967Tn/RxeCt4JhfHv5n2j

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1992	1448	WerFault.exe	9

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1448	a17e62b0a0e6d09e9495d57edc8c18ea12430592d595f9efc396e8e4e1f3400c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 1992	1448	a17e62b0a0e6d09e9495d57edc8c18ea12430592d595f9efc396e8e4e1f3400c.exe	27
PID 1448 wrote to memory of 1992	1448	a17e62b0a0e6d09e9495d57edc8c18ea12430592d595f9efc396e8e4e1f3400c.exe	27
PID 1448 wrote to memory of 1992	1448	a17e62b0a0e6d09e9495d57edc8c18ea12430592d595f9efc396e8e4e1f3400c.exe	27
PID 1448 wrote to memory of 1992	1448	a17e62b0a0e6d09e9495d57edc8c18ea12430592d595f9efc396e8e4e1f3400c.exe	27

C:\Users\Admin\AppData\Local\Temp\a17e62b0a0e6d09e9495d57edc8c18ea12430592d595f9efc396e8e4e1f3400c.exe
"C:\Users\Admin\AppData\Local\Temp\a17e62b0a0e6d09e9495d57edc8c18ea12430592d595f9efc396e8e4e1f3400c.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 200
  2⤵
  - Program crash
  PID:1992

memory/1448-54-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download