9fc4d99e22500f592b4e02edd5d0cb185bacde3da59f3de246083919b99d3474

Analysis

max time kernel
34s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 11:49

Target

9fc4d99e22500f592b4e02edd5d0cb185bacde3da59f3de246083919b99d3474.exe
Size

533KB
MD5

24db104a7ffa178a63de1e9952f2f020
SHA1

c3b47191883e6b9776383b7acc4a119f8881df04
SHA256

9fc4d99e22500f592b4e02edd5d0cb185bacde3da59f3de246083919b99d3474
SHA512

2e3bcea92c3d7d0d3c0f288d4375e998d7bf088965038c71b9156a9ba3f45d9258a2474bf604a2021bb9e65b6d323bd403fe7f9389ae9f623f29f7f14f8cf501
SSDEEP

12288:Hz7E1b1q46GhoUmT50g40DHIqSjsi16k5gpqTR:3E/q8WUmN0UDodjs7s

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2020	1664	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2020	1664	9fc4d99e22500f592b4e02edd5d0cb185bacde3da59f3de246083919b99d3474.exe	28
PID 1664 wrote to memory of 2020	1664	9fc4d99e22500f592b4e02edd5d0cb185bacde3da59f3de246083919b99d3474.exe	28
PID 1664 wrote to memory of 2020	1664	9fc4d99e22500f592b4e02edd5d0cb185bacde3da59f3de246083919b99d3474.exe	28
PID 1664 wrote to memory of 2020	1664	9fc4d99e22500f592b4e02edd5d0cb185bacde3da59f3de246083919b99d3474.exe	28

C:\Users\Admin\AppData\Local\Temp\9fc4d99e22500f592b4e02edd5d0cb185bacde3da59f3de246083919b99d3474.exe
"C:\Users\Admin\AppData\Local\Temp\9fc4d99e22500f592b4e02edd5d0cb185bacde3da59f3de246083919b99d3474.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 168
  2⤵
  - Program crash
  PID:2020

memory/1664-54-0x0000000076181000-0x0000000076183000-memory.dmp

Filesize
8KB

Download
memory/1664-56-0x0000000000F00000-0x0000000000F65000-memory.dmp

Filesize
404KB

Download