2f5ea1a62fc13005fa827ebb5ae0df55fac1a81428d9fd99c24f771aef6a3f70

Analysis

max time kernel
436s
max time network
440s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
27-10-2022 00:07

Target

42923683022f255205e9e0269abf1d6d676b4b4dfa4afec040fb4b21c24e0676_unpacked_dropper.exe
Size

234KB
MD5

20175483f1ce240ee7bdb36e212f7107
SHA1

63b7747390a57220c2b3a1d174806f91ebe828b0
SHA256

2f5ea1a62fc13005fa827ebb5ae0df55fac1a81428d9fd99c24f771aef6a3f70
SHA512

2a0cec9b768dc8460dc2af753b3e59e6c27d31a13298e55a4c7a894d6158a92bfeae8db3f141cd23113237b9c3f94132e873294548a38212c8786937d897b2eb
SSDEEP

3072:/nIQbLqvw4+fXJ0yGUtIlF6jUFjSi73sMlZDeDptJMvZanVid6LQa0VwDbrVcWJ8:/IsWUf5KoqQa7sMlYtJwa0mP9qu8

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid	pid_target	Process	procid_target
828	1324	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

42923683022f255205e9e0269abf1d6d676b4b4dfa4afec040fb4b21c24e0676_unpacked_dropper.exe

description	pid	Process	procid_target
PID 1324 wrote to memory of 828	1324	42923683022f255205e9e0269abf1d6d676b4b4dfa4afec040fb4b21c24e0676_unpacked_dropper.exe	27
PID 1324 wrote to memory of 828	1324	42923683022f255205e9e0269abf1d6d676b4b4dfa4afec040fb4b21c24e0676_unpacked_dropper.exe	27
PID 1324 wrote to memory of 828	1324	42923683022f255205e9e0269abf1d6d676b4b4dfa4afec040fb4b21c24e0676_unpacked_dropper.exe	27
PID 1324 wrote to memory of 828	1324	42923683022f255205e9e0269abf1d6d676b4b4dfa4afec040fb4b21c24e0676_unpacked_dropper.exe	27

C:\Users\Admin\AppData\Local\Temp\42923683022f255205e9e0269abf1d6d676b4b4dfa4afec040fb4b21c24e0676_unpacked_dropper.exe
"C:\Users\Admin\AppData\Local\Temp\42923683022f255205e9e0269abf1d6d676b4b4dfa4afec040fb4b21c24e0676_unpacked_dropper.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 156
  2⤵
  - Program crash
  PID:828

memory/828-55-0x0000000000000000-mapping.dmp

Download
memory/1324-54-0x0000000075AC1000-0x0000000075AC3000-memory.dmp

Filesize
8KB

Download