c93de7f9023cd734ed1964be3b346a4e956b77587bbaa0c27224075aa97d8fc3

Analysis

max time kernel
37s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 12:45

Target

c93de7f9023cd734ed1964be3b346a4e956b77587bbaa0c27224075aa97d8fc3.exe
Size

63KB
MD5

64097b12ae6f6fd312fe1ebea7ec5c9c
SHA1

84b833bb8726b37700687fc70caa626470afc5bc
SHA256

c93de7f9023cd734ed1964be3b346a4e956b77587bbaa0c27224075aa97d8fc3
SHA512

97d78dcc7555ced001e8fd528ec569f6c2239849d1ef827b24fc21e8caa701d1d4453149aa7f4dd1d997d7b69d5169967180988067d85103cc0b4c205ccfe826
SSDEEP

1536:0r3oaunbeIIHnSAwaIHwapsqPOqKrhWKCW:so3nbQXMDpsqPp9W

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1944	1708	WerFault.exe	20

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 1944	1708	c93de7f9023cd734ed1964be3b346a4e956b77587bbaa0c27224075aa97d8fc3.exe	26
PID 1708 wrote to memory of 1944	1708	c93de7f9023cd734ed1964be3b346a4e956b77587bbaa0c27224075aa97d8fc3.exe	26
PID 1708 wrote to memory of 1944	1708	c93de7f9023cd734ed1964be3b346a4e956b77587bbaa0c27224075aa97d8fc3.exe	26
PID 1708 wrote to memory of 1944	1708	c93de7f9023cd734ed1964be3b346a4e956b77587bbaa0c27224075aa97d8fc3.exe	26

C:\Users\Admin\AppData\Local\Temp\c93de7f9023cd734ed1964be3b346a4e956b77587bbaa0c27224075aa97d8fc3.exe
"C:\Users\Admin\AppData\Local\Temp\c93de7f9023cd734ed1964be3b346a4e956b77587bbaa0c27224075aa97d8fc3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 36
  2⤵
  - Program crash
  PID:1944

memory/1708-55-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download