bdbed2f809d3156da5f12ba4f794b0c83807bc64343bb102c5f53cbe8662b074

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 16:22

Target

bdbed2f809d3156da5f12ba4f794b0c83807bc64343bb102c5f53cbe8662b074.exe
Size

95KB
MD5

4a925a4805b4aa27af692e554a952aba
SHA1

ceb3dcff5dd1a5dde91ed6ede0ef0c5d906a8b6b
SHA256

bdbed2f809d3156da5f12ba4f794b0c83807bc64343bb102c5f53cbe8662b074
SHA512

206652a504d552c74d9adef5e17da0d2399ff35cf3ce8a1c58ab8cb434bb6008bf887de6495ee7eb0665ef0c9a6ee3173f3b44bb19f50804001117480b2a6200
SSDEEP

1536:RAem3BPToWFzCQe6CORrglq5vukSCO41cnXejNsEFdcD1XO1YgsKTxHPmwqH0U7:6em3BP8WFzC3AR8u2kz18XuN1FOOm4ty

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1116	1948	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1116	1948	bdbed2f809d3156da5f12ba4f794b0c83807bc64343bb102c5f53cbe8662b074.exe	28
PID 1948 wrote to memory of 1116	1948	bdbed2f809d3156da5f12ba4f794b0c83807bc64343bb102c5f53cbe8662b074.exe	28
PID 1948 wrote to memory of 1116	1948	bdbed2f809d3156da5f12ba4f794b0c83807bc64343bb102c5f53cbe8662b074.exe	28
PID 1948 wrote to memory of 1116	1948	bdbed2f809d3156da5f12ba4f794b0c83807bc64343bb102c5f53cbe8662b074.exe	28

C:\Users\Admin\AppData\Local\Temp\bdbed2f809d3156da5f12ba4f794b0c83807bc64343bb102c5f53cbe8662b074.exe
"C:\Users\Admin\AppData\Local\Temp\bdbed2f809d3156da5f12ba4f794b0c83807bc64343bb102c5f53cbe8662b074.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 92
  2⤵
  - Program crash
  PID:1116

memory/1948-55-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download