299ccbcf483442aa4d79f26b255eee194dad0cfb526be7d065da1a18516947e0

Analysis

max time kernel
40s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 11:51

Target

299ccbcf483442aa4d79f26b255eee194dad0cfb526be7d065da1a18516947e0.exe
Size

88KB
MD5

a018feb8b921016f8630916a621cd6c5
SHA1

0dab719977c1f3a49fcd885eb439ac59157decd3
SHA256

299ccbcf483442aa4d79f26b255eee194dad0cfb526be7d065da1a18516947e0
SHA512

2d85bcc576529cc800bab08301c0ae0d7512a2b37cd574b2b4b435e2e497044bab6f7a5730a072513ca281e838c0b9200460bf3a45c388ad78f3b0cc782679ea
SSDEEP

1536:mOuk7ETc2eyOBHsSj3t5RfVnmGhvcoWsw1Si1kmR+zbEirv+f92vARv4utGLrL+0:rx7lZsSj37nmGcoWsw1Z1kDE2v+fd/Gv

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
836	1668	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 836	1668	299ccbcf483442aa4d79f26b255eee194dad0cfb526be7d065da1a18516947e0.exe	27
PID 1668 wrote to memory of 836	1668	299ccbcf483442aa4d79f26b255eee194dad0cfb526be7d065da1a18516947e0.exe	27
PID 1668 wrote to memory of 836	1668	299ccbcf483442aa4d79f26b255eee194dad0cfb526be7d065da1a18516947e0.exe	27
PID 1668 wrote to memory of 836	1668	299ccbcf483442aa4d79f26b255eee194dad0cfb526be7d065da1a18516947e0.exe	27

C:\Users\Admin\AppData\Local\Temp\299ccbcf483442aa4d79f26b255eee194dad0cfb526be7d065da1a18516947e0.exe
"C:\Users\Admin\AppData\Local\Temp\299ccbcf483442aa4d79f26b255eee194dad0cfb526be7d065da1a18516947e0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 64
  2⤵
  - Program crash
  PID:836

memory/836-54-0x0000000000000000-mapping.dmp

Download
memory/1668-55-0x0000000001000000-0x0000000001019000-memory.dmp

Filesize
100KB

Download