559dc14b03be8651eccd453db9e17e051ce0cae5c4979012c8f0402b7d537c5a

Analysis

max time kernel
21s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 18:41

Target

559dc14b03be8651eccd453db9e17e051ce0cae5c4979012c8f0402b7d537c5a.exe
Size

76KB
MD5

a066ddc22ce32789d8ba229f7c413730
SHA1

50883996fba8515f357301003bb0e45196ae19e7
SHA256

559dc14b03be8651eccd453db9e17e051ce0cae5c4979012c8f0402b7d537c5a
SHA512

c9b57f3b30691a1410ea51e6039cfc05c70a30f18692d5aa3022e006a86af3a8812c3953c3f0057c6131bf5a24e5bfdffe46e824fa06548567e66945020b41a3
SSDEEP

1536:rBwCWCXCBB3y0St/VAbFrAw9eGoQXYWE2pjVrs2ryrd1vUQuq6:lbXcv2gFsBteNHs2qo

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1728	272	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 272 wrote to memory of 1728	272	559dc14b03be8651eccd453db9e17e051ce0cae5c4979012c8f0402b7d537c5a.exe	28
PID 272 wrote to memory of 1728	272	559dc14b03be8651eccd453db9e17e051ce0cae5c4979012c8f0402b7d537c5a.exe	28
PID 272 wrote to memory of 1728	272	559dc14b03be8651eccd453db9e17e051ce0cae5c4979012c8f0402b7d537c5a.exe	28
PID 272 wrote to memory of 1728	272	559dc14b03be8651eccd453db9e17e051ce0cae5c4979012c8f0402b7d537c5a.exe	28

C:\Users\Admin\AppData\Local\Temp\559dc14b03be8651eccd453db9e17e051ce0cae5c4979012c8f0402b7d537c5a.exe
"C:\Users\Admin\AppData\Local\Temp\559dc14b03be8651eccd453db9e17e051ce0cae5c4979012c8f0402b7d537c5a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:272
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 36
  2⤵
  - Program crash
  PID:1728

memory/272-55-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download