042ece60049116ae6a7d713ea039d0c18fedeaf207b4b5a36f25be8dd05df220

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 03:37 UTC

Target

042ece60049116ae6a7d713ea039d0c18fedeaf207b4b5a36f25be8dd05df220.exe
Size

190KB
MD5

a28b285b2821d760754020f4228d4cb0
SHA1

17e55eebf0fef13db6d4387044a0c4141df0a42d
SHA256

042ece60049116ae6a7d713ea039d0c18fedeaf207b4b5a36f25be8dd05df220
SHA512

c337f3d9e26a425975f250b2c58942a18f239475139fce31bb32aa9ab978330fe8ce162dbe9eb8f06751c571f38292d314ae1e0fef5dbf8675ee348700e68af7
SSDEEP

3072:4O9kj6acRtv5CbK+qVlny0Gnl3DyL8QTBffl8M1SzzoI7h+aS1Gy:4OOuacRtxCzqVlny0gyQQTBXlnQzzo0c

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
976	1604	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 976	1604	042ece60049116ae6a7d713ea039d0c18fedeaf207b4b5a36f25be8dd05df220.exe	27
PID 1604 wrote to memory of 976	1604	042ece60049116ae6a7d713ea039d0c18fedeaf207b4b5a36f25be8dd05df220.exe	27
PID 1604 wrote to memory of 976	1604	042ece60049116ae6a7d713ea039d0c18fedeaf207b4b5a36f25be8dd05df220.exe	27
PID 1604 wrote to memory of 976	1604	042ece60049116ae6a7d713ea039d0c18fedeaf207b4b5a36f25be8dd05df220.exe	27

C:\Users\Admin\AppData\Local\Temp\042ece60049116ae6a7d713ea039d0c18fedeaf207b4b5a36f25be8dd05df220.exe
"C:\Users\Admin\AppData\Local\Temp\042ece60049116ae6a7d713ea039d0c18fedeaf207b4b5a36f25be8dd05df220.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 116
  2⤵
  - Program crash
  PID:976

memory/1604-54-0x0000000076461000-0x0000000076463000-memory.dmp

Filesize
8KB

Download
memory/1604-56-0x0000000000E00000-0x0000000000E34000-memory.dmp

Filesize
208KB

Download