f4f767ef1b50792b0b8bc1ceb42bb10f57ef0564fbd7647e146bcad9e4d53fc3

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 23:35

Target

f4f767ef1b50792b0b8bc1ceb42bb10f57ef0564fbd7647e146bcad9e4d53fc3.exe
Size

993KB
MD5

44c6545d2e313117519ba4c6624234e0
SHA1

f877180041ac12f80031d0b2dd9f256e580a6d9c
SHA256

f4f767ef1b50792b0b8bc1ceb42bb10f57ef0564fbd7647e146bcad9e4d53fc3
SHA512

66047ef679b1e3dda1228744b9f6da7af003e5b347fee36aee67c23d765443bd0200a676f9d65eb8eea854a3dcbd8d4b458f558394fed06befc6b839312b4f0f
SSDEEP

24576:cxqT31T6WE6I5jKqosOm+b+PAOK8mhlagr:z6WE6IN95+b58mugr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1452	1952	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 1452	1952	f4f767ef1b50792b0b8bc1ceb42bb10f57ef0564fbd7647e146bcad9e4d53fc3.exe	28
PID 1952 wrote to memory of 1452	1952	f4f767ef1b50792b0b8bc1ceb42bb10f57ef0564fbd7647e146bcad9e4d53fc3.exe	28
PID 1952 wrote to memory of 1452	1952	f4f767ef1b50792b0b8bc1ceb42bb10f57ef0564fbd7647e146bcad9e4d53fc3.exe	28
PID 1952 wrote to memory of 1452	1952	f4f767ef1b50792b0b8bc1ceb42bb10f57ef0564fbd7647e146bcad9e4d53fc3.exe	28

C:\Users\Admin\AppData\Local\Temp\f4f767ef1b50792b0b8bc1ceb42bb10f57ef0564fbd7647e146bcad9e4d53fc3.exe
"C:\Users\Admin\AppData\Local\Temp\f4f767ef1b50792b0b8bc1ceb42bb10f57ef0564fbd7647e146bcad9e4d53fc3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 204
  2⤵
  - Program crash
  PID:1452

memory/1452-55-0x0000000000000000-mapping.dmp

Download
memory/1952-54-0x0000000075981000-0x0000000075983000-memory.dmp

Filesize
8KB

Download