01806b54d4f7fb6826998ad50d20bdbf4da4a15eeb805507f6a48565ca1b706f

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/11/2022, 17:55

Target

5BPqc9mdG7qtAqr.exe
Size

991KB
MD5

ce8766765c014dfa7ad7b7a3b776db45
SHA1

07b625949085074fa3aaab57fcc9a1ea29934fc7
SHA256

01806b54d4f7fb6826998ad50d20bdbf4da4a15eeb805507f6a48565ca1b706f
SHA512

a3694dffcdc2922fd7be48c0815ed62c9327bca49ffd63bc75283845337e3c1e231ca08f64172b581e6349a258eb893af782fb8676327fdcf6a9e944c19cceda
SSDEEP

12288:ciP2iNDSOV9CRxJnK1xRO5NGTUuqStoX2gdkMOgRmJu6n0oHLU/UhMIDDo:x15zsV5NGTUuuQMVRmmEY/U6WM

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
944	1364	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 944	1364	5BPqc9mdG7qtAqr.exe	26
PID 1364 wrote to memory of 944	1364	5BPqc9mdG7qtAqr.exe	26
PID 1364 wrote to memory of 944	1364	5BPqc9mdG7qtAqr.exe	26
PID 1364 wrote to memory of 944	1364	5BPqc9mdG7qtAqr.exe	26

C:\Users\Admin\AppData\Local\Temp\5BPqc9mdG7qtAqr.exe
"C:\Users\Admin\AppData\Local\Temp\5BPqc9mdG7qtAqr.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 664
  2⤵
  - Program crash
  PID:944

memory/1364-54-0x00000000012C0000-0x00000000013BE000-memory.dmp

Filesize
1016KB

Download
memory/1364-55-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/1364-56-0x00000000006A0000-0x00000000006BA000-memory.dmp

Filesize
104KB

Download
memory/1364-57-0x00000000006C0000-0x00000000006CC000-memory.dmp

Filesize
48KB

Download