09ca888b418c3cd316aad5ed61e992280a748a9aefb8756a0a1324cb918957ec

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 03:03

Target

09ca888b418c3cd316aad5ed61e992280a748a9aefb8756a0a1324cb918957ec.exe
Size

9KB
MD5

5262545179d7263975744a839c18b829
SHA1

17637fc2a989ab45653621f1c447bbdb0a56cb4f
SHA256

09ca888b418c3cd316aad5ed61e992280a748a9aefb8756a0a1324cb918957ec
SHA512

fb44ad4f3caae2d2b2c60fedc77e4a5e278c8201d92bd6de8009f0e65718b1fe81483f5ca22218cf7f3c4996114dd135acde8a56db944f7993c7a00afa483a2c
SSDEEP

192:Iij9ced8i32N4ytXLlgnT8Xna1S48Z+9O:I8maaXLWTGnat5O

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1108	108	WerFault.exe	10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 108 wrote to memory of 1108	108	09ca888b418c3cd316aad5ed61e992280a748a9aefb8756a0a1324cb918957ec.exe	27
PID 108 wrote to memory of 1108	108	09ca888b418c3cd316aad5ed61e992280a748a9aefb8756a0a1324cb918957ec.exe	27
PID 108 wrote to memory of 1108	108	09ca888b418c3cd316aad5ed61e992280a748a9aefb8756a0a1324cb918957ec.exe	27
PID 108 wrote to memory of 1108	108	09ca888b418c3cd316aad5ed61e992280a748a9aefb8756a0a1324cb918957ec.exe	27

C:\Users\Admin\AppData\Local\Temp\09ca888b418c3cd316aad5ed61e992280a748a9aefb8756a0a1324cb918957ec.exe
"C:\Users\Admin\AppData\Local\Temp\09ca888b418c3cd316aad5ed61e992280a748a9aefb8756a0a1324cb918957ec.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:108
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 52
  2⤵
  - Program crash
  PID:1108

memory/108-55-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download