d13a83f21851f42ecc503e31da341267ff9b3619f9288655a74c735dbd6c1634

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02-10-2022 12:12

Target

d13a83f21851f42ecc503e31da341267ff9b3619f9288655a74c735dbd6c1634.exe
Size

65KB
MD5

74a1e645ab2e0ce50411085ec0fd8b29
SHA1

aaee9b89e358b8a169064e7fb29d6acd92102c75
SHA256

d13a83f21851f42ecc503e31da341267ff9b3619f9288655a74c735dbd6c1634
SHA512

1d03bb642a6f6e40b844d99cc70944f0114ce80a8a3ee83cc17ad5c81d196ee291da9a224193971b16207a786147d955c4eaaa1fc9f97f3ce324ab3c4174b693
SSDEEP

1536:Dh8Zc0c2TXH53F/y8fnFZTd6Ue6IWVvmfYC+zyl+U8/6O:d8Zc0hTH53F/y0nzTd6UjIWVvn+o

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1260	1140	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1140 wrote to memory of 1260	1140	d13a83f21851f42ecc503e31da341267ff9b3619f9288655a74c735dbd6c1634.exe	26
PID 1140 wrote to memory of 1260	1140	d13a83f21851f42ecc503e31da341267ff9b3619f9288655a74c735dbd6c1634.exe	26
PID 1140 wrote to memory of 1260	1140	d13a83f21851f42ecc503e31da341267ff9b3619f9288655a74c735dbd6c1634.exe	26
PID 1140 wrote to memory of 1260	1140	d13a83f21851f42ecc503e31da341267ff9b3619f9288655a74c735dbd6c1634.exe	26

C:\Users\Admin\AppData\Local\Temp\d13a83f21851f42ecc503e31da341267ff9b3619f9288655a74c735dbd6c1634.exe
"C:\Users\Admin\AppData\Local\Temp\d13a83f21851f42ecc503e31da341267ff9b3619f9288655a74c735dbd6c1634.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1140
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 164
  2⤵
  - Program crash
  PID:1260

memory/1140-54-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/1140-56-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1260-55-0x0000000000000000-mapping.dmp

Download