5fdfd8394efe8de1b278a73390c33fa4a21269d28270249177d0a4d41d8b1d74

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 07:39

Target

5fdfd8394efe8de1b278a73390c33fa4a21269d28270249177d0a4d41d8b1d74.exe
Size

196KB
MD5

552cb86184cbb8eee829dc22c127bb1f
SHA1

16655b352a276dbca322266d0beef415ab8da1af
SHA256

5fdfd8394efe8de1b278a73390c33fa4a21269d28270249177d0a4d41d8b1d74
SHA512

35b8e30752f0a38755f977e5e63b2a4599a64e0248f062d2fcc7997b7961b29a7a79a48d762673e843d844e5fac8d1e1a5252855a5970acd8f2efba9a961f1c1
SSDEEP

3072:G2HMnw9YD/z2FO6MiXe3ZfkgXme1RcMdZg21OMJ6tjhtH:2nw9w6FOCXe3ZMgXme7TggO86/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1208	1752	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 1208	1752	5fdfd8394efe8de1b278a73390c33fa4a21269d28270249177d0a4d41d8b1d74.exe	28
PID 1752 wrote to memory of 1208	1752	5fdfd8394efe8de1b278a73390c33fa4a21269d28270249177d0a4d41d8b1d74.exe	28
PID 1752 wrote to memory of 1208	1752	5fdfd8394efe8de1b278a73390c33fa4a21269d28270249177d0a4d41d8b1d74.exe	28
PID 1752 wrote to memory of 1208	1752	5fdfd8394efe8de1b278a73390c33fa4a21269d28270249177d0a4d41d8b1d74.exe	28

C:\Users\Admin\AppData\Local\Temp\5fdfd8394efe8de1b278a73390c33fa4a21269d28270249177d0a4d41d8b1d74.exe
"C:\Users\Admin\AppData\Local\Temp\5fdfd8394efe8de1b278a73390c33fa4a21269d28270249177d0a4d41d8b1d74.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 128
  2⤵
  - Program crash
  PID:1208

memory/1752-55-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download