533456e93bbd2bc28d961c064a0e0f1a0b84dec4c83a5958f371d442595ade68

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 05:56

Target

533456e93bbd2bc28d961c064a0e0f1a0b84dec4c83a5958f371d442595ade68.exe
Size

83KB
MD5

765c2e596e730df8b8629076a74cb7d0
SHA1

52d5081e5ca6002754d372414d6f5266c1402c68
SHA256

533456e93bbd2bc28d961c064a0e0f1a0b84dec4c83a5958f371d442595ade68
SHA512

1bb07eb1b655facda1caa8d78088f7a3e5b8f48efc0ab0a02b40438d8dfca15e48fe14c5a11e7ffcd7a3bffdfb0dc7d1ad67ab99cde4950cd230bc58a3f4d815
SSDEEP

1536:b7777NuaFAU9CY31T51Bgj0ZAxO9xO00ZlpYtMlMXbCejEErxTWDTMqhGKYIZTEs:b7777N/Z31T5vE6AxZpmMlMXmejBkMqv

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1224	1416	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 1224	1416	533456e93bbd2bc28d961c064a0e0f1a0b84dec4c83a5958f371d442595ade68.exe	27
PID 1416 wrote to memory of 1224	1416	533456e93bbd2bc28d961c064a0e0f1a0b84dec4c83a5958f371d442595ade68.exe	27
PID 1416 wrote to memory of 1224	1416	533456e93bbd2bc28d961c064a0e0f1a0b84dec4c83a5958f371d442595ade68.exe	27
PID 1416 wrote to memory of 1224	1416	533456e93bbd2bc28d961c064a0e0f1a0b84dec4c83a5958f371d442595ade68.exe	27

C:\Users\Admin\AppData\Local\Temp\533456e93bbd2bc28d961c064a0e0f1a0b84dec4c83a5958f371d442595ade68.exe
"C:\Users\Admin\AppData\Local\Temp\533456e93bbd2bc28d961c064a0e0f1a0b84dec4c83a5958f371d442595ade68.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1416
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 36
  2⤵
  - Program crash
  PID:1224

memory/1416-55-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download