c386b0397a2746a5d5fddf194f246ea4d32863faedea95eebfceb5cb480c4afb

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 01:02

Target

c386b0397a2746a5d5fddf194f246ea4d32863faedea95eebfceb5cb480c4afb.exe
Size

767KB
MD5

a20d6b39c7c4f720d5395992849cf810
SHA1

a86c6c3259413ca36db10482558d08b1d3660560
SHA256

c386b0397a2746a5d5fddf194f246ea4d32863faedea95eebfceb5cb480c4afb
SHA512

04cd630842a08af62b2354905066165fd50aa0f4d983ef4d649bb47c05cd7cce34dc2dd35c5a533f5688fefd190b86111d62a106452b160e47e3f1b0ba8c093f
SSDEEP

12288:F6pLB9ZN1jDTW5AwEAH7Z1fyg2nCvoyO2tPvP5c07coSaS/UDZ8PqLfv:0lBN13TW5AZ6Zt+CvnO2tdhvaqr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
912	1972	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 912	1972	c386b0397a2746a5d5fddf194f246ea4d32863faedea95eebfceb5cb480c4afb.exe	28
PID 1972 wrote to memory of 912	1972	c386b0397a2746a5d5fddf194f246ea4d32863faedea95eebfceb5cb480c4afb.exe	28
PID 1972 wrote to memory of 912	1972	c386b0397a2746a5d5fddf194f246ea4d32863faedea95eebfceb5cb480c4afb.exe	28
PID 1972 wrote to memory of 912	1972	c386b0397a2746a5d5fddf194f246ea4d32863faedea95eebfceb5cb480c4afb.exe	28

C:\Users\Admin\AppData\Local\Temp\c386b0397a2746a5d5fddf194f246ea4d32863faedea95eebfceb5cb480c4afb.exe
"C:\Users\Admin\AppData\Local\Temp\c386b0397a2746a5d5fddf194f246ea4d32863faedea95eebfceb5cb480c4afb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 208
  2⤵
  - Program crash
  PID:912

memory/1972-54-0x00000000751A1000-0x00000000751A3000-memory.dmp

Filesize
8KB

Download
memory/1972-55-0x0000000000400000-0x00000000004CA190-memory.dmp

Filesize
808KB

Download
memory/1972-57-0x0000000000400000-0x00000000004CA190-memory.dmp

Filesize
808KB

Download