7fc04e73ab9e17357a614bf6c74d882fe7830b5636ebe47719e0412a9fc157b5

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 15:04

Target

7fc04e73ab9e17357a614bf6c74d882fe7830b5636ebe47719e0412a9fc157b5.exe
Size

32KB
MD5

65fa1bec50e8457fd537ab0fad53dd40
SHA1

d9ae919224a935d883735c76e38b7eb36b2cdc69
SHA256

7fc04e73ab9e17357a614bf6c74d882fe7830b5636ebe47719e0412a9fc157b5
SHA512

ec8b86a66d53b611d1d0d74cdd21c2a977d974a1a7bbd55b980f620efd815cdd4cb20e30fab5cbcda1f6a10b0f2ab70babf23f83a60ebea62988689dbf0f56c9
SSDEEP

384:T93RMDgWQA4+HGDMa2l3kB9pg76Y5eF4oqCkNBkh5N7tI8UTPNH5WRoj7ZSiyF5f:1HckB3g7VkGoqCkHYtrYDBj7Zwsry

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1044	1688	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 1044	1688	7fc04e73ab9e17357a614bf6c74d882fe7830b5636ebe47719e0412a9fc157b5.exe	27
PID 1688 wrote to memory of 1044	1688	7fc04e73ab9e17357a614bf6c74d882fe7830b5636ebe47719e0412a9fc157b5.exe	27
PID 1688 wrote to memory of 1044	1688	7fc04e73ab9e17357a614bf6c74d882fe7830b5636ebe47719e0412a9fc157b5.exe	27
PID 1688 wrote to memory of 1044	1688	7fc04e73ab9e17357a614bf6c74d882fe7830b5636ebe47719e0412a9fc157b5.exe	27

C:\Users\Admin\AppData\Local\Temp\7fc04e73ab9e17357a614bf6c74d882fe7830b5636ebe47719e0412a9fc157b5.exe
"C:\Users\Admin\AppData\Local\Temp\7fc04e73ab9e17357a614bf6c74d882fe7830b5636ebe47719e0412a9fc157b5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 36
  2⤵
  - Program crash
  PID:1044

memory/1688-55-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download