9632e7f86b4f4ad0b59c5b6e869ddd3cb6d5d02064d6894aa0b965f478115c1b

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24/09/2022, 04:28

Target

PlayerIDGrabber.exe
Size

90KB
MD5

cad5f62741120a53f93282ae25cc0e8d
SHA1

d94114c1da30fc7c30b099dc3ea2a834d8166857
SHA256

6e40ecae5b303f4c68c71a24769945d689d2ee493367c3bab21f4a56da1e80db
SHA512

b806893cecbbc3fb2818ccb64d22e19c8085647713a11afea91f9dcdfbc18a13bbb55dd73b119a2c654784479007361e5802e01bbc3f52f037308e0a4d3eeaef
SSDEEP

1536:PDv/DZ3KKGhSgAQJPIAqWB4x1J70bpAkA3ZgbGNrc+uexCxoKV6+fAxYL:7/DZ6KGhNAQlnB4xHwKgbGNrc+bSAKL

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
968	1848	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 968	1848	PlayerIDGrabber.exe	28
PID 1848 wrote to memory of 968	1848	PlayerIDGrabber.exe	28
PID 1848 wrote to memory of 968	1848	PlayerIDGrabber.exe	28

C:\Users\Admin\AppData\Local\Temp\PlayerIDGrabber.exe
"C:\Users\Admin\AppData\Local\Temp\PlayerIDGrabber.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1848 -s 596
  2⤵
  - Program crash
  PID:968

memory/1848-54-0x000000013FC00000-0x000000013FC1C000-memory.dmp

Filesize
112KB

Download