84b3ec63cf6221175f689bc8327b74864af3ce7099d0dd9fec5d5c63c113eded

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/11/2022, 21:38

Target

84b3ec63cf6221175f689bc8327b74864af3ce7099d0dd9fec5d5c63c113eded.exe
Size

1.0MB
MD5

52b6e9fd2461b2db3c6f243795648264
SHA1

de15de9d94a4d63e180795b9f131d9d5085c29d4
SHA256

84b3ec63cf6221175f689bc8327b74864af3ce7099d0dd9fec5d5c63c113eded
SHA512

e4583739eea45260a39e89714586cfa215135d812ad04d1a00536593b70708d0646d68e375f0260f4a54fb6903d84bf6d5dfa3b045f4a93d84d65cc892f4c1bd
SSDEEP

12288:n7WMNBdu0HWJyLQLuHk5bb9rOOLR5nBFpPoSer:nFPd/HcyLQLuH6bprOobE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
892	864	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 892	864	84b3ec63cf6221175f689bc8327b74864af3ce7099d0dd9fec5d5c63c113eded.exe	27
PID 864 wrote to memory of 892	864	84b3ec63cf6221175f689bc8327b74864af3ce7099d0dd9fec5d5c63c113eded.exe	27
PID 864 wrote to memory of 892	864	84b3ec63cf6221175f689bc8327b74864af3ce7099d0dd9fec5d5c63c113eded.exe	27
PID 864 wrote to memory of 892	864	84b3ec63cf6221175f689bc8327b74864af3ce7099d0dd9fec5d5c63c113eded.exe	27

C:\Users\Admin\AppData\Local\Temp\84b3ec63cf6221175f689bc8327b74864af3ce7099d0dd9fec5d5c63c113eded.exe
"C:\Users\Admin\AppData\Local\Temp\84b3ec63cf6221175f689bc8327b74864af3ce7099d0dd9fec5d5c63c113eded.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:864
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 192
  2⤵
  - Program crash
  PID:892

memory/864-54-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download