0f8d2b337f974b27b450ad8753b840f80ac6458edf86c7e1386d5bd54ad476c6

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 08:22

Target

0f8d2b337f974b27b450ad8753b840f80ac6458edf86c7e1386d5bd54ad476c6.exe
Size

52KB
MD5

6be6fcf6f1edf21d6aec9cad366287e0
SHA1

196566fcb064e1bfe435970abf72710b3c03006e
SHA256

0f8d2b337f974b27b450ad8753b840f80ac6458edf86c7e1386d5bd54ad476c6
SHA512

35733b8b4b8df26240c05b73538ecde71e1cba813e82083da6dd17b9afe889bd38f18c23dc2d684298f0aa0a31e0d10670ec5a7632d3fe1776645e0fe6f3e5a1
SSDEEP

384:E2XSa4q4daJWr4esELbr8jAgPvpnKbcDsqcULBYq48c3pUccvf:vOr3syr8jrpMcIvULBc2ccn

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1524	1456	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 1524	1456	0f8d2b337f974b27b450ad8753b840f80ac6458edf86c7e1386d5bd54ad476c6.exe	26
PID 1456 wrote to memory of 1524	1456	0f8d2b337f974b27b450ad8753b840f80ac6458edf86c7e1386d5bd54ad476c6.exe	26
PID 1456 wrote to memory of 1524	1456	0f8d2b337f974b27b450ad8753b840f80ac6458edf86c7e1386d5bd54ad476c6.exe	26
PID 1456 wrote to memory of 1524	1456	0f8d2b337f974b27b450ad8753b840f80ac6458edf86c7e1386d5bd54ad476c6.exe	26

C:\Users\Admin\AppData\Local\Temp\0f8d2b337f974b27b450ad8753b840f80ac6458edf86c7e1386d5bd54ad476c6.exe
"C:\Users\Admin\AppData\Local\Temp\0f8d2b337f974b27b450ad8753b840f80ac6458edf86c7e1386d5bd54ad476c6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 88
  2⤵
  - Program crash
  PID:1524

memory/1456-55-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download