16d652fc05ef95cf2b1b40bfe731fb1fef41be04cbf6d5ee49ffab2dc6e10704

Analysis

max time kernel
19s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 20:30

Target

16d652fc05ef95cf2b1b40bfe731fb1fef41be04cbf6d5ee49ffab2dc6e10704.exe
Size

320KB
MD5

a11a9c50c233e7c1182b4101e1c04f50
SHA1

f834e90c169e511da056635d29390218dd9ed348
SHA256

16d652fc05ef95cf2b1b40bfe731fb1fef41be04cbf6d5ee49ffab2dc6e10704
SHA512

df11d13f3321fc624c8d0dfeebe2d82e6f14f3aaad4c4bcc034c14074a78e64ed6c513d36dbd5b7b697e6e96fd3186a39fd1f72e70862faf5229c6b3d9bc556a
SSDEEP

6144:GU777rBzFY3DBmO0tH2RfS155ONNXBuWoJBO9OMbHLkAqF7Ief9UmM7/uT:GU777VUDBW2EB0NxDIBuOFe7/uT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1896	916	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 916 wrote to memory of 1896	916	16d652fc05ef95cf2b1b40bfe731fb1fef41be04cbf6d5ee49ffab2dc6e10704.exe	27
PID 916 wrote to memory of 1896	916	16d652fc05ef95cf2b1b40bfe731fb1fef41be04cbf6d5ee49ffab2dc6e10704.exe	27
PID 916 wrote to memory of 1896	916	16d652fc05ef95cf2b1b40bfe731fb1fef41be04cbf6d5ee49ffab2dc6e10704.exe	27
PID 916 wrote to memory of 1896	916	16d652fc05ef95cf2b1b40bfe731fb1fef41be04cbf6d5ee49ffab2dc6e10704.exe	27

C:\Users\Admin\AppData\Local\Temp\16d652fc05ef95cf2b1b40bfe731fb1fef41be04cbf6d5ee49ffab2dc6e10704.exe
"C:\Users\Admin\AppData\Local\Temp\16d652fc05ef95cf2b1b40bfe731fb1fef41be04cbf6d5ee49ffab2dc6e10704.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:916
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 36
  2⤵
  - Program crash
  PID:1896

memory/916-55-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download