5565baa42a681bd66153745d02c582d93f28955157d509c78bafd9f05f298c2b

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 20:59

Target

5565baa42a681bd66153745d02c582d93f28955157d509c78bafd9f05f298c2b.exe
Size

388KB
MD5

7adc63bc0cf957fc0c0fdb29ae5ee690
SHA1

0843fb4b233587e22cf1bc17dd712d0d2c6e342e
SHA256

5565baa42a681bd66153745d02c582d93f28955157d509c78bafd9f05f298c2b
SHA512

13d84aac1278d6a3b8991f6be71f54bf2c3e983dcc53bf012973b0df7cd23922eec6830fdc0e9ece0013413935ba34f20a89e6c0c53d5c6e1f71a7e0c8a1ecf4
SSDEEP

6144:s9dGnbNRy/y1w5Kw5Kw5Kw5sy/y1w5Kw5sy/yibSj:s9dGvy/yS5Z5Z5Z5sy/yS5Z5sy/y8u

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1580	2012	WerFault.exe	17

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 1580	2012	5565baa42a681bd66153745d02c582d93f28955157d509c78bafd9f05f298c2b.exe	28
PID 2012 wrote to memory of 1580	2012	5565baa42a681bd66153745d02c582d93f28955157d509c78bafd9f05f298c2b.exe	28
PID 2012 wrote to memory of 1580	2012	5565baa42a681bd66153745d02c582d93f28955157d509c78bafd9f05f298c2b.exe	28
PID 2012 wrote to memory of 1580	2012	5565baa42a681bd66153745d02c582d93f28955157d509c78bafd9f05f298c2b.exe	28

C:\Users\Admin\AppData\Local\Temp\5565baa42a681bd66153745d02c582d93f28955157d509c78bafd9f05f298c2b.exe
"C:\Users\Admin\AppData\Local\Temp\5565baa42a681bd66153745d02c582d93f28955157d509c78bafd9f05f298c2b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 88
  2⤵
  - Program crash
  PID:1580

memory/2012-55-0x0000000000400000-0x0000000000408D64-memory.dmp

Filesize
35KB

Download