331342bacf693d993f8254c83bf5c1f73d29f98ef7f3fc8b1250026b3ef07c32

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 10:25

Target

331342bacf693d993f8254c83bf5c1f73d29f98ef7f3fc8b1250026b3ef07c32.exe
Size

276KB
MD5

6fcd83f0677b749c2118f72e78d75876
SHA1

c8dfe17df090bf17a42f26a94f76f2c64cff8445
SHA256

331342bacf693d993f8254c83bf5c1f73d29f98ef7f3fc8b1250026b3ef07c32
SHA512

cb5f19162c4331ea5f3638df62c07576951e2258cc13cefe49c5b935e2b56f82c97b1d6fd38b51b5b5a7edc485c2c2b8afe872a77b495072e04da1fcd3fdcebc
SSDEEP

3072:q9SAosFQ5Us5GFTe9S2slA/NPQ7dcxUqrunQ/JL0yuq9xzGsl5QzWJmlPuwdMsD:cFQus7slKhQ7exZ1NQq9r/I

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1676	1084	WerFault.exe	26

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 1676	1084	331342bacf693d993f8254c83bf5c1f73d29f98ef7f3fc8b1250026b3ef07c32.exe	27
PID 1084 wrote to memory of 1676	1084	331342bacf693d993f8254c83bf5c1f73d29f98ef7f3fc8b1250026b3ef07c32.exe	27
PID 1084 wrote to memory of 1676	1084	331342bacf693d993f8254c83bf5c1f73d29f98ef7f3fc8b1250026b3ef07c32.exe	27
PID 1084 wrote to memory of 1676	1084	331342bacf693d993f8254c83bf5c1f73d29f98ef7f3fc8b1250026b3ef07c32.exe	27
PID 1084 wrote to memory of 1676	1084	331342bacf693d993f8254c83bf5c1f73d29f98ef7f3fc8b1250026b3ef07c32.exe	27
PID 1084 wrote to memory of 1676	1084	331342bacf693d993f8254c83bf5c1f73d29f98ef7f3fc8b1250026b3ef07c32.exe	27
PID 1084 wrote to memory of 1676	1084	331342bacf693d993f8254c83bf5c1f73d29f98ef7f3fc8b1250026b3ef07c32.exe	27

C:\Users\Admin\AppData\Local\Temp\331342bacf693d993f8254c83bf5c1f73d29f98ef7f3fc8b1250026b3ef07c32.exe
"C:\Users\Admin\AppData\Local\Temp\331342bacf693d993f8254c83bf5c1f73d29f98ef7f3fc8b1250026b3ef07c32.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 300
  2⤵
  - Program crash
  PID:1676

memory/1084-54-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download