1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 08:16

Target

1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7.exe
Size

231KB
MD5

6e264ad464454392d5fbe1073f39c766
SHA1

ab3150b06c01c7c42c434034ca58b57802524a67
SHA256

1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7
SHA512

a442c2272e56c48797f24ffb14c3ca807c20b914a30ffc8558616e4e238ff3424f893afcb5899ab5e76049314bcaa7e830a3e390cdc51fc354c8a91388b74cd9
SSDEEP

6144:Isceqs5qIhYzq40b8cRtedIkQ9mMEgr1f/7Mfz:Isce4IhYG1b7edITm4f/7ML

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1496	2016	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1496	2016	1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7.exe	27
PID 2016 wrote to memory of 1496	2016	1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7.exe	27
PID 2016 wrote to memory of 1496	2016	1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7.exe	27
PID 2016 wrote to memory of 1496	2016	1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7.exe	27

C:\Users\Admin\AppData\Local\Temp\1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7.exe
"C:\Users\Admin\AppData\Local\Temp\1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 44
  2⤵
  - Program crash
  PID:1496

memory/2016-55-0x0000000001000000-0x0000000001107000-memory.dmp

Filesize
1.0MB

Download