6f3fe8426ecf1616eff3e3380a697f503bb3c39c4430c76f5855252c441dcf9e

Analysis

max time kernel
148s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
17/10/2022, 20:15

Target

6f3fe8426ecf1616eff3e3380a697f503bb3c39c4430c76f5855252c441dcf9e.exe
Size

3.1MB
MD5

1a9ae891466ddd309bcc13cef6cb6e17
SHA1

c76aa630f9f016e0d238e106e914b99b537795f8
SHA256

6f3fe8426ecf1616eff3e3380a697f503bb3c39c4430c76f5855252c441dcf9e
SHA512

c94f5e960a319e2480ba072ba02ea635b1a41585bd521a9ddd5cbc4a8e99b0a4c6911837174c1c26662ecfc9657c0049b5f905ed483e3af595c9786dc2784f79
SSDEEP

24576:BpobRvCCHdsZXswB9qW2Iq8j8+0y9zCPYzLsN6IzV/VMmTkybnqy74:BpoN39sKwK+f9C+wpdMm4ybn174

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
932	960	WerFault.exe	26

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 1944	960	6f3fe8426ecf1616eff3e3380a697f503bb3c39c4430c76f5855252c441dcf9e.exe	27
PID 960 wrote to memory of 1944	960	6f3fe8426ecf1616eff3e3380a697f503bb3c39c4430c76f5855252c441dcf9e.exe	27
PID 960 wrote to memory of 1944	960	6f3fe8426ecf1616eff3e3380a697f503bb3c39c4430c76f5855252c441dcf9e.exe	27
PID 960 wrote to memory of 1944	960	6f3fe8426ecf1616eff3e3380a697f503bb3c39c4430c76f5855252c441dcf9e.exe	27
PID 960 wrote to memory of 932	960	6f3fe8426ecf1616eff3e3380a697f503bb3c39c4430c76f5855252c441dcf9e.exe	28
PID 960 wrote to memory of 932	960	6f3fe8426ecf1616eff3e3380a697f503bb3c39c4430c76f5855252c441dcf9e.exe	28
PID 960 wrote to memory of 932	960	6f3fe8426ecf1616eff3e3380a697f503bb3c39c4430c76f5855252c441dcf9e.exe	28
PID 960 wrote to memory of 932	960	6f3fe8426ecf1616eff3e3380a697f503bb3c39c4430c76f5855252c441dcf9e.exe	28

C:\Users\Admin\AppData\Local\Temp\6f3fe8426ecf1616eff3e3380a697f503bb3c39c4430c76f5855252c441dcf9e.exe
"C:\Users\Admin\AppData\Local\Temp\6f3fe8426ecf1616eff3e3380a697f503bb3c39c4430c76f5855252c441dcf9e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:960
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:1944
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 496
  2⤵
  - Program crash
  PID:932

memory/960-54-0x00000000757A1000-0x00000000757A3000-memory.dmp

Filesize
8KB

Download
memory/1944-56-0x000007FEFC011000-0x000007FEFC013000-memory.dmp

Filesize
8KB

Download