1e80e0ec014bc7e53e6cccd3da604272a9acb672a7715af63197a06946f90210

Analysis

max time kernel
21s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 04:47

Target

1e80e0ec014bc7e53e6cccd3da604272a9acb672a7715af63197a06946f90210.exe
Size

888KB
MD5

2bea58f221f19546b63f7fb5266c534a
SHA1

0a38071259061359d1db8229dd22e55241d3dfe6
SHA256

1e80e0ec014bc7e53e6cccd3da604272a9acb672a7715af63197a06946f90210
SHA512

f0a5195811986af736219a12688c9f687324342e1d1f4531c5d39f37eab3a48e3c9604d7b7ab60f73b77123356dd700daad7bb15a1e0d4164976518008b06182
SSDEEP

12288:Gw8mfTMHc5cUVI6amQ7geAKMoFGN0zxMnf5Phrab7KbGMPbtI6Eifg0ads1Ev59W:Vf0CRa9Lqoa02hloKrZXgEEvH

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1732	1900	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 1732	1900	1e80e0ec014bc7e53e6cccd3da604272a9acb672a7715af63197a06946f90210.exe	28
PID 1900 wrote to memory of 1732	1900	1e80e0ec014bc7e53e6cccd3da604272a9acb672a7715af63197a06946f90210.exe	28
PID 1900 wrote to memory of 1732	1900	1e80e0ec014bc7e53e6cccd3da604272a9acb672a7715af63197a06946f90210.exe	28
PID 1900 wrote to memory of 1732	1900	1e80e0ec014bc7e53e6cccd3da604272a9acb672a7715af63197a06946f90210.exe	28

C:\Users\Admin\AppData\Local\Temp\1e80e0ec014bc7e53e6cccd3da604272a9acb672a7715af63197a06946f90210.exe
"C:\Users\Admin\AppData\Local\Temp\1e80e0ec014bc7e53e6cccd3da604272a9acb672a7715af63197a06946f90210.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 368
  2⤵
  - Program crash
  PID:1732

memory/1900-54-0x0000000074AB1000-0x0000000074AB3000-memory.dmp

Filesize
8KB

Download
memory/1900-55-0x0000000000400000-0x0000000000566000-memory.dmp

Filesize
1.4MB

Download
memory/1900-57-0x0000000000400000-0x0000000000566000-memory.dmp

Filesize
1.4MB

Download