c1a477299f1f49616e46aae0dbb849a48da006a26ba396576bb6ebe53294b25a

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 17:48

Target

c1a477299f1f49616e46aae0dbb849a48da006a26ba396576bb6ebe53294b25a.exe
Size

874KB
MD5

e007d5311ca9f54be8eae6a3f9f39a08
SHA1

3e46f7e925dad542907b77232d82b04d56a21249
SHA256

c1a477299f1f49616e46aae0dbb849a48da006a26ba396576bb6ebe53294b25a
SHA512

4c62607cc0e38fc00ae926c420778f4e893f81dc2b748a9aaf8bc81a678fa5433bbd6ed046247f9fd2f81bfb85b53c1b82fa11e0590ea5705dd91d08d75fe5a5
SSDEEP

12288:+AkBjlbMJqHdIFSDw8eRPLcB1LEUAwkTL2/VlVagyEdPdewuHA9ZPW5:+AUlbCoDjeBLI1LERMV/agy1KB6

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
944	2024	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 944	2024	c1a477299f1f49616e46aae0dbb849a48da006a26ba396576bb6ebe53294b25a.exe	28
PID 2024 wrote to memory of 944	2024	c1a477299f1f49616e46aae0dbb849a48da006a26ba396576bb6ebe53294b25a.exe	28
PID 2024 wrote to memory of 944	2024	c1a477299f1f49616e46aae0dbb849a48da006a26ba396576bb6ebe53294b25a.exe	28
PID 2024 wrote to memory of 944	2024	c1a477299f1f49616e46aae0dbb849a48da006a26ba396576bb6ebe53294b25a.exe	28

C:\Users\Admin\AppData\Local\Temp\c1a477299f1f49616e46aae0dbb849a48da006a26ba396576bb6ebe53294b25a.exe
"C:\Users\Admin\AppData\Local\Temp\c1a477299f1f49616e46aae0dbb849a48da006a26ba396576bb6ebe53294b25a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 192
  2⤵
  - Program crash
  PID:944

memory/2024-54-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download
memory/2024-56-0x0000000001000000-0x00000000010DF000-memory.dmp

Filesize
892KB

Download