0c2a978e9f51ba7690b1fe4efb6baaf923fb4dd55476dbdfe346c2715e49e45f

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 04:59

Target

0c2a978e9f51ba7690b1fe4efb6baaf923fb4dd55476dbdfe346c2715e49e45f.exe
Size

300KB
MD5

1c41e056f4e47f3c4ac778e315900e6a
SHA1

eb415bd077e00425f04a9ed7d63e72f84c4de91c
SHA256

0c2a978e9f51ba7690b1fe4efb6baaf923fb4dd55476dbdfe346c2715e49e45f
SHA512

6c1b15e923d7b992702fa6c60503479e17ab4c13898f1a8d8e6e8b901f8be85138c0f801e22f6c178dcacc4c4a7ff5360a6b27ccc25f820c2149e639cee6dc4e
SSDEEP

6144:nTc5EeHxDkl9NF86Q4bw10yxASP/tpm73I7j5cRIWjrZs:njeHhz6+1/xj12UjiRIgs

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1820	368	WerFault.exe	20

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 368 wrote to memory of 1820	368	0c2a978e9f51ba7690b1fe4efb6baaf923fb4dd55476dbdfe346c2715e49e45f.exe	27
PID 368 wrote to memory of 1820	368	0c2a978e9f51ba7690b1fe4efb6baaf923fb4dd55476dbdfe346c2715e49e45f.exe	27
PID 368 wrote to memory of 1820	368	0c2a978e9f51ba7690b1fe4efb6baaf923fb4dd55476dbdfe346c2715e49e45f.exe	27
PID 368 wrote to memory of 1820	368	0c2a978e9f51ba7690b1fe4efb6baaf923fb4dd55476dbdfe346c2715e49e45f.exe	27

C:\Users\Admin\AppData\Local\Temp\0c2a978e9f51ba7690b1fe4efb6baaf923fb4dd55476dbdfe346c2715e49e45f.exe
"C:\Users\Admin\AppData\Local\Temp\0c2a978e9f51ba7690b1fe4efb6baaf923fb4dd55476dbdfe346c2715e49e45f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:368
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 368 -s 88
  2⤵
  - Program crash
  PID:1820

memory/368-55-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download