fef58d74b04eb1f73a9f49d17bbbfa1c59d766b509ab8ca99c6b7a40bc737861

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 06:12

Target

fef58d74b04eb1f73a9f49d17bbbfa1c59d766b509ab8ca99c6b7a40bc737861.exe
Size

324KB
MD5

682c09f413dc7eb1323c71c7b5bfbc90
SHA1

7c7a19d372af00be8faebef2ba42cdc0859bae2f
SHA256

fef58d74b04eb1f73a9f49d17bbbfa1c59d766b509ab8ca99c6b7a40bc737861
SHA512

afa0dc7be8c200a635d3657527521f696e9a5e8d7bc91a60300f44950e7cae61b78b00787560e238efb77072b349b00d1001e7813e696fffe77925ea0685a939
SSDEEP

3072:jtWGSGtGSGOGOGlGln+VD/m8ClX0kUb+16H6b5p8I0yH/JN8HOWShM+L7aL7:jwbELf/MR/cWdi5pV/JNWOVhM

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
688	1112	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 688	1112	fef58d74b04eb1f73a9f49d17bbbfa1c59d766b509ab8ca99c6b7a40bc737861.exe	28
PID 1112 wrote to memory of 688	1112	fef58d74b04eb1f73a9f49d17bbbfa1c59d766b509ab8ca99c6b7a40bc737861.exe	28
PID 1112 wrote to memory of 688	1112	fef58d74b04eb1f73a9f49d17bbbfa1c59d766b509ab8ca99c6b7a40bc737861.exe	28
PID 1112 wrote to memory of 688	1112	fef58d74b04eb1f73a9f49d17bbbfa1c59d766b509ab8ca99c6b7a40bc737861.exe	28

C:\Users\Admin\AppData\Local\Temp\fef58d74b04eb1f73a9f49d17bbbfa1c59d766b509ab8ca99c6b7a40bc737861.exe
"C:\Users\Admin\AppData\Local\Temp\fef58d74b04eb1f73a9f49d17bbbfa1c59d766b509ab8ca99c6b7a40bc737861.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 120
  2⤵
  - Program crash
  PID:688

memory/688-55-0x0000000000000000-mapping.dmp

Download
memory/1112-54-0x0000000074D61000-0x0000000074D63000-memory.dmp

Filesize
8KB

Download
memory/1112-56-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download