53d141a4526669d252a8c2f9a6c456ad6695728359134aec1fe180283afe759f

Analysis

max time kernel
31s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 08:50

Target

53d141a4526669d252a8c2f9a6c456ad6695728359134aec1fe180283afe759f.exe
Size

96KB
MD5

815debbc71369b9237938240d9ef5629
SHA1

83e34116b8955658bcdcbb874dadf2a314dccdbe
SHA256

53d141a4526669d252a8c2f9a6c456ad6695728359134aec1fe180283afe759f
SHA512

21d08d24456862b411a88cdec652b78cf405b70f060c6b266453cb826c481deb5f42f9b13491e7771a1f9d3a493fb1031ceb32023a6d24a4ffd3fa396037a568
SSDEEP

768:q06R0UKzOgnKqGR7//GPc0LOBhvBrHks3IiyhDYQbGmxlNaM+WGa1wuxnzgOYw9f:AR0vxn3Pc0LCH9MtbvabUDzJYWu3Bg

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1004	1456	WerFault.exe	22

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 1004	1456	53d141a4526669d252a8c2f9a6c456ad6695728359134aec1fe180283afe759f.exe	27
PID 1456 wrote to memory of 1004	1456	53d141a4526669d252a8c2f9a6c456ad6695728359134aec1fe180283afe759f.exe	27
PID 1456 wrote to memory of 1004	1456	53d141a4526669d252a8c2f9a6c456ad6695728359134aec1fe180283afe759f.exe	27
PID 1456 wrote to memory of 1004	1456	53d141a4526669d252a8c2f9a6c456ad6695728359134aec1fe180283afe759f.exe	27

C:\Users\Admin\AppData\Local\Temp\53d141a4526669d252a8c2f9a6c456ad6695728359134aec1fe180283afe759f.exe
"C:\Users\Admin\AppData\Local\Temp\53d141a4526669d252a8c2f9a6c456ad6695728359134aec1fe180283afe759f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 156
  2⤵
  - Program crash
  PID:1004

memory/1456-54-0x0000000075E11000-0x0000000075E13000-memory.dmp

Filesize
8KB

Download
memory/1456-56-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download