3e658f5f8eacf05bdf8379003c48580a93aa248242eacc5152eb653fd3e5ed55

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 20:18

Target

3e658f5f8eacf05bdf8379003c48580a93aa248242eacc5152eb653fd3e5ed55.exe
Size

320KB
MD5

a2055aaa933bef196809595ab2c50ea0
SHA1

733c9d5a46630a304c4be8858cd252f13703865d
SHA256

3e658f5f8eacf05bdf8379003c48580a93aa248242eacc5152eb653fd3e5ed55
SHA512

afd2ee2fa3bf42fd303ed0161db679bff016dae85a7fe95cbd32d9ea2e241e684523f0e8baaa0cb1482945a7a073b6e583efc815db40d3196ab611907d317d9b
SSDEEP

6144:wLw3w3w3w37/dTpN5FShH2RfS155ONNXBuWoJBO9OMbHLkAqF7Ief9UmM7/uT:WyyyyDdVEp2EB0NxDIBuOFe7/uT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1836	1760	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 1836	1760	3e658f5f8eacf05bdf8379003c48580a93aa248242eacc5152eb653fd3e5ed55.exe	28
PID 1760 wrote to memory of 1836	1760	3e658f5f8eacf05bdf8379003c48580a93aa248242eacc5152eb653fd3e5ed55.exe	28
PID 1760 wrote to memory of 1836	1760	3e658f5f8eacf05bdf8379003c48580a93aa248242eacc5152eb653fd3e5ed55.exe	28
PID 1760 wrote to memory of 1836	1760	3e658f5f8eacf05bdf8379003c48580a93aa248242eacc5152eb653fd3e5ed55.exe	28

C:\Users\Admin\AppData\Local\Temp\3e658f5f8eacf05bdf8379003c48580a93aa248242eacc5152eb653fd3e5ed55.exe
"C:\Users\Admin\AppData\Local\Temp\3e658f5f8eacf05bdf8379003c48580a93aa248242eacc5152eb653fd3e5ed55.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 36
  2⤵
  - Program crash
  PID:1836

memory/1760-55-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download