bcb58b096a88382c09265e79257429903126d317a5a8cfe6f6ec0bbd99e0771e

Analysis

max time kernel
37s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
10/10/2022, 23:54

Target

bcb58b096a88382c09265e79257429903126d317a5a8cfe6f6ec0bbd99e0771e.exe
Size

271KB
MD5

7d2b844c466550fcb3c4f733d71b7130
SHA1

611fcaf902e75e853644fdebba821495802e98bb
SHA256

bcb58b096a88382c09265e79257429903126d317a5a8cfe6f6ec0bbd99e0771e
SHA512

8d015295e6108b4803cd7952b7d01873443c7943a34f5df394f6fd19c1ada262f9ff2e977726a89b01b8ac444eb6f7aeb1ce44ca7fc8a8490a4c9b55a22b6cd3
SSDEEP

6144:wLMANUeqou6maoARq5r2laPwwqH3wRPh2E5JqQ5vUnXcP8R:wQAv66m7r2l4+HARPhLq+askR

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2032	784	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 784 wrote to memory of 2032	784	bcb58b096a88382c09265e79257429903126d317a5a8cfe6f6ec0bbd99e0771e.exe	26
PID 784 wrote to memory of 2032	784	bcb58b096a88382c09265e79257429903126d317a5a8cfe6f6ec0bbd99e0771e.exe	26
PID 784 wrote to memory of 2032	784	bcb58b096a88382c09265e79257429903126d317a5a8cfe6f6ec0bbd99e0771e.exe	26
PID 784 wrote to memory of 2032	784	bcb58b096a88382c09265e79257429903126d317a5a8cfe6f6ec0bbd99e0771e.exe	26

C:\Users\Admin\AppData\Local\Temp\bcb58b096a88382c09265e79257429903126d317a5a8cfe6f6ec0bbd99e0771e.exe
"C:\Users\Admin\AppData\Local\Temp\bcb58b096a88382c09265e79257429903126d317a5a8cfe6f6ec0bbd99e0771e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:784
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 104
  2⤵
  - Program crash
  PID:2032

memory/784-55-0x0000000000860000-0x000000000087B000-memory.dmp

Filesize
108KB

Download