6d5d148995690046f2f346d66ab8fc91e35645e64f79a82d35c115110c78ea46

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 00:33

Target

6d5d148995690046f2f346d66ab8fc91e35645e64f79a82d35c115110c78ea46.exe
Size

21KB
MD5

0b943b619e2a9fdea3bb94f01f28ace6
SHA1

d085f5636b41ca5b3984357005f37030964f5a15
SHA256

6d5d148995690046f2f346d66ab8fc91e35645e64f79a82d35c115110c78ea46
SHA512

0a14e3b6dbd7a114ef79cc86bf340d5a8a540994adfb83131d6194d43c9e84ca7ef3c06f2b01c0b7eba1b6ebdbdae02d82b1c92bf577135ccc489c717a4ea280
SSDEEP

384:hB4idPVTp+mtgzwECc7Rmdh/C0Mh0h+pP024zMsqynnmg7ll:ndPn+IgzwN3Sh7M/z

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1216	1564	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 1216	1564	6d5d148995690046f2f346d66ab8fc91e35645e64f79a82d35c115110c78ea46.exe	26
PID 1564 wrote to memory of 1216	1564	6d5d148995690046f2f346d66ab8fc91e35645e64f79a82d35c115110c78ea46.exe	26
PID 1564 wrote to memory of 1216	1564	6d5d148995690046f2f346d66ab8fc91e35645e64f79a82d35c115110c78ea46.exe	26
PID 1564 wrote to memory of 1216	1564	6d5d148995690046f2f346d66ab8fc91e35645e64f79a82d35c115110c78ea46.exe	26

C:\Users\Admin\AppData\Local\Temp\6d5d148995690046f2f346d66ab8fc91e35645e64f79a82d35c115110c78ea46.exe
"C:\Users\Admin\AppData\Local\Temp\6d5d148995690046f2f346d66ab8fc91e35645e64f79a82d35c115110c78ea46.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 88
  2⤵
  - Program crash
  PID:1216

memory/1564-55-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download