aceb7d5d2945d0f2175230c41c666b36e5e60beebefa86b2bfd717a2727485a4

Analysis

max time kernel
30s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 05:29

Target

aceb7d5d2945d0f2175230c41c666b36e5e60beebefa86b2bfd717a2727485a4.exe
Size

132KB
MD5

6399ebf70276c8b46e2af176fd03f186
SHA1

2a86267e06ebc51648745b88bb75a2e9f89c19a1
SHA256

aceb7d5d2945d0f2175230c41c666b36e5e60beebefa86b2bfd717a2727485a4
SHA512

a1654c457354a7fde4b3fd4d0138bed3901aed181b9b881e1c044b5cbc4ba189cecd30f570f7033764aa16aa933d2ce14366a3b1862d373782ec7dd851df808a
SSDEEP

3072:2/ZgC/uOY3G1dYzZZ3JfAg/UhCshlxTHzoI7h+aS1GW:GWC/zY3GzYzLJfv/UhFZzo0naGW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1948	1956	WerFault.exe	27

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 1948	1956	aceb7d5d2945d0f2175230c41c666b36e5e60beebefa86b2bfd717a2727485a4.exe	28
PID 1956 wrote to memory of 1948	1956	aceb7d5d2945d0f2175230c41c666b36e5e60beebefa86b2bfd717a2727485a4.exe	28
PID 1956 wrote to memory of 1948	1956	aceb7d5d2945d0f2175230c41c666b36e5e60beebefa86b2bfd717a2727485a4.exe	28
PID 1956 wrote to memory of 1948	1956	aceb7d5d2945d0f2175230c41c666b36e5e60beebefa86b2bfd717a2727485a4.exe	28
PID 1956 wrote to memory of 1948	1956	aceb7d5d2945d0f2175230c41c666b36e5e60beebefa86b2bfd717a2727485a4.exe	28
PID 1956 wrote to memory of 1948	1956	aceb7d5d2945d0f2175230c41c666b36e5e60beebefa86b2bfd717a2727485a4.exe	28
PID 1956 wrote to memory of 1948	1956	aceb7d5d2945d0f2175230c41c666b36e5e60beebefa86b2bfd717a2727485a4.exe	28

C:\Users\Admin\AppData\Local\Temp\aceb7d5d2945d0f2175230c41c666b36e5e60beebefa86b2bfd717a2727485a4.exe
"C:\Users\Admin\AppData\Local\Temp\aceb7d5d2945d0f2175230c41c666b36e5e60beebefa86b2bfd717a2727485a4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 268
  2⤵
  - Program crash
  PID:1948

memory/1956-54-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download
memory/1956-56-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1956-57-0x0000000000240000-0x0000000000265000-memory.dmp

Filesize
148KB

Download