e6d46d9bb1f9a0171ffff6fef0636ae18a1b41f8115ba94decb59802fae2b29e

Analysis

max time kernel
36s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 00:21

Target

e6d46d9bb1f9a0171ffff6fef0636ae18a1b41f8115ba94decb59802fae2b29e.exe
Size

320KB
MD5

53849037db3c626acb6646cfbd78efa0
SHA1

e7c09f8bfbfc6de60f704638f5200c063203ac22
SHA256

e6d46d9bb1f9a0171ffff6fef0636ae18a1b41f8115ba94decb59802fae2b29e
SHA512

669ec935ce6624b1f56f03cdf93c22ee35a39ff013b4aa2dc5ecb87a0b86468ce09bef9912962490c3d51f3c75b02039412668dfc1899f2dfb4cd96a87676a19
SSDEEP

6144:p8tE6v6H2RfS155ONNXBuWoJBO9OMbHLkAqF7Ief9UmM7/uT:e+6Q2EB0NxDIBuOFe7/uT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1968	2000	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 1968	2000	e6d46d9bb1f9a0171ffff6fef0636ae18a1b41f8115ba94decb59802fae2b29e.exe	26
PID 2000 wrote to memory of 1968	2000	e6d46d9bb1f9a0171ffff6fef0636ae18a1b41f8115ba94decb59802fae2b29e.exe	26
PID 2000 wrote to memory of 1968	2000	e6d46d9bb1f9a0171ffff6fef0636ae18a1b41f8115ba94decb59802fae2b29e.exe	26
PID 2000 wrote to memory of 1968	2000	e6d46d9bb1f9a0171ffff6fef0636ae18a1b41f8115ba94decb59802fae2b29e.exe	26

C:\Users\Admin\AppData\Local\Temp\e6d46d9bb1f9a0171ffff6fef0636ae18a1b41f8115ba94decb59802fae2b29e.exe
"C:\Users\Admin\AppData\Local\Temp\e6d46d9bb1f9a0171ffff6fef0636ae18a1b41f8115ba94decb59802fae2b29e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 36
  2⤵
  - Program crash
  PID:1968

memory/2000-54-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download