70e900272768de882671f05e863d8aa2a8cd759cffdd310a309c553f43d4f87e

Analysis

max time kernel
27s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 15:38

Target

70e900272768de882671f05e863d8aa2a8cd759cffdd310a309c553f43d4f87e.exe
Size

349KB
MD5

828f1796a2d2e927b6cb009bef84c00e
SHA1

1e85cd0733b0372144e9b612bdd2a9c5d0528f2d
SHA256

70e900272768de882671f05e863d8aa2a8cd759cffdd310a309c553f43d4f87e
SHA512

5b4cb2c7ba73ac924635238b55e7a3ac04a9533efbc88f11949a0434040c62cfcfd97211ab319d5fb89666298f162a4fcdcd6d6e7ee5f1546d0631e00d013482
SSDEEP

6144:8sVv61r7jybUx6F4Y0d0NbdjMSkwb2if1L5kz91xSxCFYd:5i1rybUxBWbdjMNwbn9y6sY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1980	1016	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1016 wrote to memory of 1980	1016	70e900272768de882671f05e863d8aa2a8cd759cffdd310a309c553f43d4f87e.exe	28
PID 1016 wrote to memory of 1980	1016	70e900272768de882671f05e863d8aa2a8cd759cffdd310a309c553f43d4f87e.exe	28
PID 1016 wrote to memory of 1980	1016	70e900272768de882671f05e863d8aa2a8cd759cffdd310a309c553f43d4f87e.exe	28
PID 1016 wrote to memory of 1980	1016	70e900272768de882671f05e863d8aa2a8cd759cffdd310a309c553f43d4f87e.exe	28

C:\Users\Admin\AppData\Local\Temp\70e900272768de882671f05e863d8aa2a8cd759cffdd310a309c553f43d4f87e.exe
"C:\Users\Admin\AppData\Local\Temp\70e900272768de882671f05e863d8aa2a8cd759cffdd310a309c553f43d4f87e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1016
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 164
  2⤵
  - Program crash
  PID:1980

memory/1016-54-0x00000000764D1000-0x00000000764D3000-memory.dmp

Filesize
8KB

Download
memory/1016-55-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download