1939cdedcc931f7b062f2c2984c0cf338dcc42f72a49177f47e489b8ac667157

Analysis

max time kernel
9s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-10-2022 04:16

Target

1939cdedcc931f7b062f2c2984c0cf338dcc42f72a49177f47e489b8ac667157.exe
Size

277KB
MD5

71462259ae9966d3be28366a48bc523a
SHA1

8cd9d0e8ce1241bcde672ef203bd03eff78ed305
SHA256

1939cdedcc931f7b062f2c2984c0cf338dcc42f72a49177f47e489b8ac667157
SHA512

82b2fd5f6a0b9409cb8e41ec66ec7b031c14f6e5e5be77e30f26670496999da0858146b08bcf6041acd3064fa918f0970f9787446a8b6b31bb21f08048274f7e
SSDEEP

6144:RTO/1L8ahaI0VaSF7QTBnO501NvBMEv6480:RkF8Ap0VlQTYavqEk0

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1744	1964	WerFault.exe	17

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 1744	1964	1939cdedcc931f7b062f2c2984c0cf338dcc42f72a49177f47e489b8ac667157.exe	28
PID 1964 wrote to memory of 1744	1964	1939cdedcc931f7b062f2c2984c0cf338dcc42f72a49177f47e489b8ac667157.exe	28
PID 1964 wrote to memory of 1744	1964	1939cdedcc931f7b062f2c2984c0cf338dcc42f72a49177f47e489b8ac667157.exe	28
PID 1964 wrote to memory of 1744	1964	1939cdedcc931f7b062f2c2984c0cf338dcc42f72a49177f47e489b8ac667157.exe	28

C:\Users\Admin\AppData\Local\Temp\1939cdedcc931f7b062f2c2984c0cf338dcc42f72a49177f47e489b8ac667157.exe
"C:\Users\Admin\AppData\Local\Temp\1939cdedcc931f7b062f2c2984c0cf338dcc42f72a49177f47e489b8ac667157.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 176
  2⤵
  - Program crash
  PID:1744

memory/1744-55-0x0000000000000000-mapping.dmp

Download
memory/1964-54-0x0000000075281000-0x0000000075283000-memory.dmp

Filesize
8KB

Download
memory/1964-56-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download