79d9a79e5f04a0d10a2657c615c06187d37965b518562ee1dd274da79176d358

Analysis

max time kernel
56s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 21:13

Target

79d9a79e5f04a0d10a2657c615c06187d37965b518562ee1dd274da79176d358.exe
Size

284KB
MD5

a11ca0a031384f5310220d158c534700
SHA1

add859fc973dd811942655f7421052952e04b01f
SHA256

79d9a79e5f04a0d10a2657c615c06187d37965b518562ee1dd274da79176d358
SHA512

89524af4ae45977bed43dfdd4bf7292f6d8cfccf155c8c7215ab64ce63b52f30545a66dfc4f1ac949e95488bf1be48d0e42aa51969b425d552efa46b4975f73f
SSDEEP

6144:y83nLbxKVJ3nCMkQe5HWAsHFZlxGXlvnP36:ygsHyMBLHFZlxuvnPK

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1556	368	WerFault.exe	26

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 368 wrote to memory of 1556	368	79d9a79e5f04a0d10a2657c615c06187d37965b518562ee1dd274da79176d358.exe	27
PID 368 wrote to memory of 1556	368	79d9a79e5f04a0d10a2657c615c06187d37965b518562ee1dd274da79176d358.exe	27
PID 368 wrote to memory of 1556	368	79d9a79e5f04a0d10a2657c615c06187d37965b518562ee1dd274da79176d358.exe	27
PID 368 wrote to memory of 1556	368	79d9a79e5f04a0d10a2657c615c06187d37965b518562ee1dd274da79176d358.exe	27
PID 368 wrote to memory of 1556	368	79d9a79e5f04a0d10a2657c615c06187d37965b518562ee1dd274da79176d358.exe	27
PID 368 wrote to memory of 1556	368	79d9a79e5f04a0d10a2657c615c06187d37965b518562ee1dd274da79176d358.exe	27
PID 368 wrote to memory of 1556	368	79d9a79e5f04a0d10a2657c615c06187d37965b518562ee1dd274da79176d358.exe	27

C:\Users\Admin\AppData\Local\Temp\79d9a79e5f04a0d10a2657c615c06187d37965b518562ee1dd274da79176d358.exe
"C:\Users\Admin\AppData\Local\Temp\79d9a79e5f04a0d10a2657c615c06187d37965b518562ee1dd274da79176d358.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:368
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 368 -s 268
  2⤵
  - Program crash
  PID:1556

memory/368-54-0x0000000074AD1000-0x0000000074AD3000-memory.dmp

Filesize
8KB

Download
memory/368-56-0x0000000000900000-0x0000000000950000-memory.dmp

Filesize
320KB

Download
memory/368-57-0x00000000001B0000-0x0000000000200000-memory.dmp

Filesize
320KB

Download