d12b8e1c80a0d554baa511e39576adc133256c869928054a15fdc474b1ac22bb

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/11/2022, 08:51

Target

1828-84-0x0000000000400000-0x000000000042F000-memory.exe
Size

188KB
MD5

373bdb02320d4d5d81e2cb5810952ee6
SHA1

f7b71dbde7d1c84682d4135f623c1c097a7da328
SHA256

d12b8e1c80a0d554baa511e39576adc133256c869928054a15fdc474b1ac22bb
SHA512

777a11c3c1609e1bd613581d8500e52072524c01651b69ba62fb1dccc2323c3a984587e49db8f56193ee1791ea6208efbc150bdfe1c6afc4c891734a6c1d215c
SSDEEP

3072:O5l+JNmAK0Tp8Q1NWyO9cyxsjAe6RASrfjY0q1LNNKyZTU5RPn:YCmAK2H1XiWEewA0bY0q1LtZCd

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1252	860	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 860 wrote to memory of 1252	860	1828-84-0x0000000000400000-0x000000000042F000-memory.exe	27
PID 860 wrote to memory of 1252	860	1828-84-0x0000000000400000-0x000000000042F000-memory.exe	27
PID 860 wrote to memory of 1252	860	1828-84-0x0000000000400000-0x000000000042F000-memory.exe	27
PID 860 wrote to memory of 1252	860	1828-84-0x0000000000400000-0x000000000042F000-memory.exe	27

C:\Users\Admin\AppData\Local\Temp\1828-84-0x0000000000400000-0x000000000042F000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\1828-84-0x0000000000400000-0x000000000042F000-memory.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:860
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 36
  2⤵
  - Program crash
  PID:1252