cf29e470ef76e7183e7fa9799d9a8cb38ebf6acd3d8c378dfb220b221ed44e4d

Analysis

max time kernel
38s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 04:15

Target

cf29e470ef76e7183e7fa9799d9a8cb38ebf6acd3d8c378dfb220b221ed44e4d.exe
Size

216KB
MD5

5f1be5061d0b43c0c3bda688543f6b20
SHA1

5505ccfaa16cff45350f27ecb2d4b93901136ff3
SHA256

cf29e470ef76e7183e7fa9799d9a8cb38ebf6acd3d8c378dfb220b221ed44e4d
SHA512

5ded78d5c7b197458e128f69d7afef7c93db3447eef4ae438b9bbe0e654ec7f487aff5e4c2bf396022494aee3496903199faf5ec3575759546dc5c3a1b10433f
SSDEEP

6144:up5p9qAZcR/6TkINwl3EagHlwJKrqGoci:859C1GagHwOqFJ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1696	240	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 240 wrote to memory of 1696	240	cf29e470ef76e7183e7fa9799d9a8cb38ebf6acd3d8c378dfb220b221ed44e4d.exe	28
PID 240 wrote to memory of 1696	240	cf29e470ef76e7183e7fa9799d9a8cb38ebf6acd3d8c378dfb220b221ed44e4d.exe	28
PID 240 wrote to memory of 1696	240	cf29e470ef76e7183e7fa9799d9a8cb38ebf6acd3d8c378dfb220b221ed44e4d.exe	28
PID 240 wrote to memory of 1696	240	cf29e470ef76e7183e7fa9799d9a8cb38ebf6acd3d8c378dfb220b221ed44e4d.exe	28

C:\Users\Admin\AppData\Local\Temp\cf29e470ef76e7183e7fa9799d9a8cb38ebf6acd3d8c378dfb220b221ed44e4d.exe
"C:\Users\Admin\AppData\Local\Temp\cf29e470ef76e7183e7fa9799d9a8cb38ebf6acd3d8c378dfb220b221ed44e4d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:240
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 136
  2⤵
  - Program crash
  PID:1696

memory/240-54-0x0000000074AB1000-0x0000000074AB3000-memory.dmp

Filesize
8KB

Download
memory/240-56-0x0000000001000000-0x0000000001033000-memory.dmp

Filesize
204KB

Download