b581b4b656f909b2078ccd07ec92726142fe687be550ab7e68c68330b91f3750

Analysis

max time kernel
41s
max time network
120s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 05:32

Target

b581b4b656f909b2078ccd07ec92726142fe687be550ab7e68c68330b91f3750.exe
Size

69KB
MD5

36372eec32766a73d248f6e6f2d8a590
SHA1

215a422bc0efb7b303c083e9deee034d34d4c0db
SHA256

b581b4b656f909b2078ccd07ec92726142fe687be550ab7e68c68330b91f3750
SHA512

4f66e778473754ce1c3f85c9e6d931712c6aa5c640bc1f5a348c5f2a23cada885ee9fbcbeea70f729000a0e22fde2ce39686a87e9c0bc0bf883a373fc6e1dc25
SSDEEP

1536:gZxeCSzXkR7Osy6YNrbQOQGw9sKzo2nFWN1E+AwsP:gZxvY07OsyBQPKGsTE+UP

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1568	536	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 1568	536	b581b4b656f909b2078ccd07ec92726142fe687be550ab7e68c68330b91f3750.exe	27
PID 536 wrote to memory of 1568	536	b581b4b656f909b2078ccd07ec92726142fe687be550ab7e68c68330b91f3750.exe	27
PID 536 wrote to memory of 1568	536	b581b4b656f909b2078ccd07ec92726142fe687be550ab7e68c68330b91f3750.exe	27
PID 536 wrote to memory of 1568	536	b581b4b656f909b2078ccd07ec92726142fe687be550ab7e68c68330b91f3750.exe	27

C:\Users\Admin\AppData\Local\Temp\b581b4b656f909b2078ccd07ec92726142fe687be550ab7e68c68330b91f3750.exe
"C:\Users\Admin\AppData\Local\Temp\b581b4b656f909b2078ccd07ec92726142fe687be550ab7e68c68330b91f3750.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 116
  2⤵
  - Program crash
  PID:1568

memory/536-54-0x0000000076831000-0x0000000076833000-memory.dmp

Filesize
8KB

Download
memory/536-56-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download