7e507f3afc9bc1c1be6918b27fe8b56641e6d4a7e12302567fa4badd1e377d36

Analysis

max time kernel
38s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 13:55

Target

7e507f3afc9bc1c1be6918b27fe8b56641e6d4a7e12302567fa4badd1e377d36.exe
Size

33KB
MD5

72b2b940155b3fc3138b9019d0e2d20a
SHA1

d27b3a4c0e3c0b9dd178cc571e1943f171ddb67a
SHA256

7e507f3afc9bc1c1be6918b27fe8b56641e6d4a7e12302567fa4badd1e377d36
SHA512

9ac5a664b0d48203ada87012b2eeb3f3cb68789f1035c4278c3cfce2d762b707d32239f6193a4f3e6a2f075b0983b778a543ba5f8badf9ae0bde734186663c70
SSDEEP

768:wlwCTlnfDPYOSQ5KgRG7ejzPg0PEl2LGdZYe/E1:wvTlf7zSMXRG7+zP/PErd6e/E1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1536	1504	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 1536	1504	7e507f3afc9bc1c1be6918b27fe8b56641e6d4a7e12302567fa4badd1e377d36.exe	26
PID 1504 wrote to memory of 1536	1504	7e507f3afc9bc1c1be6918b27fe8b56641e6d4a7e12302567fa4badd1e377d36.exe	26
PID 1504 wrote to memory of 1536	1504	7e507f3afc9bc1c1be6918b27fe8b56641e6d4a7e12302567fa4badd1e377d36.exe	26
PID 1504 wrote to memory of 1536	1504	7e507f3afc9bc1c1be6918b27fe8b56641e6d4a7e12302567fa4badd1e377d36.exe	26

C:\Users\Admin\AppData\Local\Temp\7e507f3afc9bc1c1be6918b27fe8b56641e6d4a7e12302567fa4badd1e377d36.exe
"C:\Users\Admin\AppData\Local\Temp\7e507f3afc9bc1c1be6918b27fe8b56641e6d4a7e12302567fa4badd1e377d36.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 88
  2⤵
  - Program crash
  PID:1536

memory/1504-54-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1504-56-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download