a70ad8e0d9f623c23adf09d086f2490054c87c41d288be34177cc86ebe152174

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28/10/2022, 21:04

Target

a70ad8e0d9f623c23adf09d086f2490054c87c41d288be34177cc86ebe152174.exe
Size

46KB
MD5

5d0468d1f58f2e3270097600a35ea148
SHA1

ed06ce0f8c6d73b4d839d40e46cea54c4ac32fea
SHA256

a70ad8e0d9f623c23adf09d086f2490054c87c41d288be34177cc86ebe152174
SHA512

27d1166b836dff16d5dfd6440511c0971885020f381d30f392ba98742a8c4709199c572a7ad360e3d57e1608df90f2c9da8bc3289abac43be90eed002ee56db5
SSDEEP

768:9Cf2LxufBU4V3IYB7YlcBPNKo/nMYpih44K5Syw2GyvGZk7l:9o2dGp3DdNKGnBihdKDBGZk7l

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1144	1920	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 1144	1920	a70ad8e0d9f623c23adf09d086f2490054c87c41d288be34177cc86ebe152174.exe	28
PID 1920 wrote to memory of 1144	1920	a70ad8e0d9f623c23adf09d086f2490054c87c41d288be34177cc86ebe152174.exe	28
PID 1920 wrote to memory of 1144	1920	a70ad8e0d9f623c23adf09d086f2490054c87c41d288be34177cc86ebe152174.exe	28
PID 1920 wrote to memory of 1144	1920	a70ad8e0d9f623c23adf09d086f2490054c87c41d288be34177cc86ebe152174.exe	28

C:\Users\Admin\AppData\Local\Temp\a70ad8e0d9f623c23adf09d086f2490054c87c41d288be34177cc86ebe152174.exe
"C:\Users\Admin\AppData\Local\Temp\a70ad8e0d9f623c23adf09d086f2490054c87c41d288be34177cc86ebe152174.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 560
  2⤵
  - Program crash
  PID:1144

memory/1920-54-0x0000000000A50000-0x0000000000A64000-memory.dmp

Filesize
80KB

Download