1ea5ed89d5d196bc6010d51f5500191c4de943f052f011f4bfc6f7e83ae9f750

Analysis

max time kernel
36s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 20:27

Target

1ea5ed89d5d196bc6010d51f5500191c4de943f052f011f4bfc6f7e83ae9f750.exe
Size

320KB
MD5

a231f7a3ac315023f6d9ee5226c72090
SHA1

964aadc284a713da3ecd68a131cbeada984e5f37
SHA256

1ea5ed89d5d196bc6010d51f5500191c4de943f052f011f4bfc6f7e83ae9f750
SHA512

7a3ffa20cd89616c5ba67121796567056b7a83e2de4ff12cb0520d31e1c5f58b55e9b3c4ebb6aed18baee04b5c17ea378a54a305fbc3ede0181798f181c2abb7
SSDEEP

6144:4PYilTNi+waIDLG9M+H2RfS155ONNXBuWoJBO9OMbHLkAqF7Ief9UmM7/uT:IPldwaoLU2EB0NxDIBuOFe7/uT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1984	1148	WerFault.exe	24

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 1984	1148	1ea5ed89d5d196bc6010d51f5500191c4de943f052f011f4bfc6f7e83ae9f750.exe	26
PID 1148 wrote to memory of 1984	1148	1ea5ed89d5d196bc6010d51f5500191c4de943f052f011f4bfc6f7e83ae9f750.exe	26
PID 1148 wrote to memory of 1984	1148	1ea5ed89d5d196bc6010d51f5500191c4de943f052f011f4bfc6f7e83ae9f750.exe	26
PID 1148 wrote to memory of 1984	1148	1ea5ed89d5d196bc6010d51f5500191c4de943f052f011f4bfc6f7e83ae9f750.exe	26

C:\Users\Admin\AppData\Local\Temp\1ea5ed89d5d196bc6010d51f5500191c4de943f052f011f4bfc6f7e83ae9f750.exe
"C:\Users\Admin\AppData\Local\Temp\1ea5ed89d5d196bc6010d51f5500191c4de943f052f011f4bfc6f7e83ae9f750.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 36
  2⤵
  - Program crash
  PID:1984

memory/1148-55-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download