8d01aafe4215cd5904a571b4dd5944ce4a134c79d671b0d6a3d5622cf9e06531

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 04:19

Target

8d01aafe4215cd5904a571b4dd5944ce4a134c79d671b0d6a3d5622cf9e06531.exe
Size

780KB
MD5

5ba84b193228a7e3a4af298ac53b2080
SHA1

5f5e614536d388353475011874c9c8c9d911a976
SHA256

8d01aafe4215cd5904a571b4dd5944ce4a134c79d671b0d6a3d5622cf9e06531
SHA512

9dfb549789c0b258f684e59c7ee81e258aa616259868f6a51bb47aedca051add80cab01cec9022809a485d0e2624560243cbc12257200725802e8bac55190b02
SSDEEP

3072:mPuQZlkfL0f6loWhS8whG9pvvLVyriRK0NQv:El6LI6lNhSo9p3xyriRK0s

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1536	768	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 768 wrote to memory of 1536	768	8d01aafe4215cd5904a571b4dd5944ce4a134c79d671b0d6a3d5622cf9e06531.exe	27
PID 768 wrote to memory of 1536	768	8d01aafe4215cd5904a571b4dd5944ce4a134c79d671b0d6a3d5622cf9e06531.exe	27
PID 768 wrote to memory of 1536	768	8d01aafe4215cd5904a571b4dd5944ce4a134c79d671b0d6a3d5622cf9e06531.exe	27
PID 768 wrote to memory of 1536	768	8d01aafe4215cd5904a571b4dd5944ce4a134c79d671b0d6a3d5622cf9e06531.exe	27

C:\Users\Admin\AppData\Local\Temp\8d01aafe4215cd5904a571b4dd5944ce4a134c79d671b0d6a3d5622cf9e06531.exe
"C:\Users\Admin\AppData\Local\Temp\8d01aafe4215cd5904a571b4dd5944ce4a134c79d671b0d6a3d5622cf9e06531.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:768
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 164
  2⤵
  - Program crash
  PID:1536

memory/768-54-0x0000000076871000-0x0000000076873000-memory.dmp

Filesize
8KB

Download
memory/768-56-0x0000000000400000-0x00000000004C3000-memory.dmp

Filesize
780KB

Download