5fa635dc9ef2a94dd2cc17871e8d9f90cf4a7ef84d64c68848e1373a689c8b44

Analysis

max time kernel
37s
max time network
105s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30-10-2022 11:14

Target

5fa635dc9ef2a94dd2cc17871e8d9f90cf4a7ef84d64c68848e1373a689c8b44.exe
Size

63KB
MD5

93881804be1d430a9eff1661b0806600
SHA1

e153d9dd00db4b8a544bf4f27161120b2e7219df
SHA256

5fa635dc9ef2a94dd2cc17871e8d9f90cf4a7ef84d64c68848e1373a689c8b44
SHA512

0e1ce5cb4e469bbb3e5ed6803766bd5aa73ee58ed706b9b21d97ef03e53c4d20c2228f8893382704ce513d3369e1ce6522dc09e5fa8d113c2d39eecf59bbda18
SSDEEP

1536:tVsAb0HkFa7H+lgV6J3S+8aNJuRb8xgeDcu1tWZRnDrHfKK66wZ3l:tVjaelgV6E+8oJu1ZeDcu1gDr/K6wZ3l

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1472	2020	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1472	2020	5fa635dc9ef2a94dd2cc17871e8d9f90cf4a7ef84d64c68848e1373a689c8b44.exe	26
PID 2020 wrote to memory of 1472	2020	5fa635dc9ef2a94dd2cc17871e8d9f90cf4a7ef84d64c68848e1373a689c8b44.exe	26
PID 2020 wrote to memory of 1472	2020	5fa635dc9ef2a94dd2cc17871e8d9f90cf4a7ef84d64c68848e1373a689c8b44.exe	26
PID 2020 wrote to memory of 1472	2020	5fa635dc9ef2a94dd2cc17871e8d9f90cf4a7ef84d64c68848e1373a689c8b44.exe	26

C:\Users\Admin\AppData\Local\Temp\5fa635dc9ef2a94dd2cc17871e8d9f90cf4a7ef84d64c68848e1373a689c8b44.exe
"C:\Users\Admin\AppData\Local\Temp\5fa635dc9ef2a94dd2cc17871e8d9f90cf4a7ef84d64c68848e1373a689c8b44.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 36
  2⤵
  - Program crash
  PID:1472

memory/2020-54-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download