923dc7fe4c863941db083c5fd7c7e1a8bdc23238080e1418d9b3460d13262343

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 11:01

Target

923dc7fe4c863941db083c5fd7c7e1a8bdc23238080e1418d9b3460d13262343.exe
Size

112KB
MD5

08b3dac2d24113f3889aa54029a96571
SHA1

ef0b38cb49867a27a26ea55c45493e0eb135d72d
SHA256

923dc7fe4c863941db083c5fd7c7e1a8bdc23238080e1418d9b3460d13262343
SHA512

cf513116872b3f5af324b2c52c6b4a08bcb6e2ae8c3fdfda3afd8dc9c351e35092b256fc353ba1b19c237f0e1d3e91067b872749a1d4a2076428ca308af7b3de
SSDEEP

1536:mbln5IUmDjoXflQpq6XA76/RAs//yzqPzDU91NRbvyWgI+Nsu74ubkWpEhyHJ:mbln5IClQRXph/quAVpKWZ+NguzEI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
780	900	WerFault.exe	10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 780	900	923dc7fe4c863941db083c5fd7c7e1a8bdc23238080e1418d9b3460d13262343.exe	27
PID 900 wrote to memory of 780	900	923dc7fe4c863941db083c5fd7c7e1a8bdc23238080e1418d9b3460d13262343.exe	27
PID 900 wrote to memory of 780	900	923dc7fe4c863941db083c5fd7c7e1a8bdc23238080e1418d9b3460d13262343.exe	27
PID 900 wrote to memory of 780	900	923dc7fe4c863941db083c5fd7c7e1a8bdc23238080e1418d9b3460d13262343.exe	27

C:\Users\Admin\AppData\Local\Temp\923dc7fe4c863941db083c5fd7c7e1a8bdc23238080e1418d9b3460d13262343.exe
"C:\Users\Admin\AppData\Local\Temp\923dc7fe4c863941db083c5fd7c7e1a8bdc23238080e1418d9b3460d13262343.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:900
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 92
  2⤵
  - Program crash
  PID:780

memory/900-54-0x0000000001000000-0x0000000001022000-memory.dmp

Filesize
136KB

Download