5610b45dae8f57dfe3c4d352e116574d956652bc902ff9f63e33630b9c4e622d

Analysis

max time kernel
36s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 22:54

Target

5610b45dae8f57dfe3c4d352e116574d956652bc902ff9f63e33630b9c4e622d.exe
Size

760KB
MD5

575fae8d3e36f5438b86df5f6ae33fb0
SHA1

b993b825b8e984d3306c839d917e3b760fb10467
SHA256

5610b45dae8f57dfe3c4d352e116574d956652bc902ff9f63e33630b9c4e622d
SHA512

b3557eda32aaeb4017b2742f39cb9093299aceac7c61d76c0ea2b7c3ae4ea3e942f8198d4d124ab0365f4e98720c416c2582c8425da9bb8d84f4f97d5d92ebe6
SSDEEP

12288:s9dGC5syS5syS5Z5Z5Z5Z5Z5syC+m+YyS5syS5syS5Z5Z5syS5sy/yS5H:BG2C922e2as

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2000	2020	WerFault.exe	23

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 2000	2020	5610b45dae8f57dfe3c4d352e116574d956652bc902ff9f63e33630b9c4e622d.exe	26
PID 2020 wrote to memory of 2000	2020	5610b45dae8f57dfe3c4d352e116574d956652bc902ff9f63e33630b9c4e622d.exe	26
PID 2020 wrote to memory of 2000	2020	5610b45dae8f57dfe3c4d352e116574d956652bc902ff9f63e33630b9c4e622d.exe	26
PID 2020 wrote to memory of 2000	2020	5610b45dae8f57dfe3c4d352e116574d956652bc902ff9f63e33630b9c4e622d.exe	26

C:\Users\Admin\AppData\Local\Temp\5610b45dae8f57dfe3c4d352e116574d956652bc902ff9f63e33630b9c4e622d.exe
"C:\Users\Admin\AppData\Local\Temp\5610b45dae8f57dfe3c4d352e116574d956652bc902ff9f63e33630b9c4e622d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 88
  2⤵
  - Program crash
  PID:2000

memory/2020-54-0x0000000000400000-0x0000000000408D64-memory.dmp

Filesize
35KB

Download