d8c1b2c0cb2da7ad2ae69c8a31368ccbb3fc6e010317c5c1d50dedbf42979133

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 10:23

Target

d8c1b2c0cb2da7ad2ae69c8a31368ccbb3fc6e010317c5c1d50dedbf42979133.exe
Size

83KB
MD5

93823ae720211be64ebbee32e0c61910
SHA1

dd88c43726c8520bea080a222f553e3b2a3f1e02
SHA256

d8c1b2c0cb2da7ad2ae69c8a31368ccbb3fc6e010317c5c1d50dedbf42979133
SHA512

a8259f0e549a0e3614a2faea01498ad10d923f175e833606b8eacd77ec9555c45f2ac420d02003c7270ab6b5cbcb406d847a92879c8512e3dd434ea7f4fdd143
SSDEEP

1536:0yTTWTJsXLZNN4VnmKViiYvKytmbMt5UZSqheJrhmjb+zrA47JAEpjVrs2ryrd1m:0yTTWTJsXLZNN4wKViiYvKytmbMP0hgw

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
900	1128	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 900	1128	d8c1b2c0cb2da7ad2ae69c8a31368ccbb3fc6e010317c5c1d50dedbf42979133.exe	27
PID 1128 wrote to memory of 900	1128	d8c1b2c0cb2da7ad2ae69c8a31368ccbb3fc6e010317c5c1d50dedbf42979133.exe	27
PID 1128 wrote to memory of 900	1128	d8c1b2c0cb2da7ad2ae69c8a31368ccbb3fc6e010317c5c1d50dedbf42979133.exe	27
PID 1128 wrote to memory of 900	1128	d8c1b2c0cb2da7ad2ae69c8a31368ccbb3fc6e010317c5c1d50dedbf42979133.exe	27

C:\Users\Admin\AppData\Local\Temp\d8c1b2c0cb2da7ad2ae69c8a31368ccbb3fc6e010317c5c1d50dedbf42979133.exe
"C:\Users\Admin\AppData\Local\Temp\d8c1b2c0cb2da7ad2ae69c8a31368ccbb3fc6e010317c5c1d50dedbf42979133.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 36
  2⤵
  - Program crash
  PID:900

memory/1128-55-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download