e82df120f0ad5f794f321d6134f4c92cc0592b222659f4879cedaf9989f48db5

Analysis

max time kernel
55s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 19:20

Target

e82df120f0ad5f794f321d6134f4c92cc0592b222659f4879cedaf9989f48db5.exe
Size

168KB
MD5

963b510b86f66535f15f03e11d0c0302
SHA1

7d9a8382ebbf5114317c77eb6bbc42f5499fea1d
SHA256

e82df120f0ad5f794f321d6134f4c92cc0592b222659f4879cedaf9989f48db5
SHA512

1649dacb7c8c3353118fe80ec6f919bd5e8c6b8be100410dc44f6d39584569cf546baee39c425764ab99c4aed205e1c86fb18d51d5587589bc272c36ebc5a9ff
SSDEEP

1536:dlGNV8UrvwB55VI4IIOmN8vr3z0UQrfsXmMqG4e8hy4K/teP3cU0lJGBJJUv9tRU:wV8UrppIX8n4zoX4K+cUkJyQVAP/N

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1988	1976	WerFault.exe	20

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 1988	1976	e82df120f0ad5f794f321d6134f4c92cc0592b222659f4879cedaf9989f48db5.exe	27
PID 1976 wrote to memory of 1988	1976	e82df120f0ad5f794f321d6134f4c92cc0592b222659f4879cedaf9989f48db5.exe	27
PID 1976 wrote to memory of 1988	1976	e82df120f0ad5f794f321d6134f4c92cc0592b222659f4879cedaf9989f48db5.exe	27
PID 1976 wrote to memory of 1988	1976	e82df120f0ad5f794f321d6134f4c92cc0592b222659f4879cedaf9989f48db5.exe	27

C:\Users\Admin\AppData\Local\Temp\e82df120f0ad5f794f321d6134f4c92cc0592b222659f4879cedaf9989f48db5.exe
"C:\Users\Admin\AppData\Local\Temp\e82df120f0ad5f794f321d6134f4c92cc0592b222659f4879cedaf9989f48db5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 112
  2⤵
  - Program crash
  PID:1988

memory/1976-54-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1976-56-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download