f0b7b076fe93621614a808722736db505649dfba8d2adc953e98f091c1f99c00

Analysis

max time kernel
35s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 05:02

Target

Locale Emulator 讓簡體中文軟體可以正常顯示 v2.1.0.0/LEUpdater.exe
Size

192KB
MD5

1c059f38bc7dd7a096e69e57dab91171
SHA1

10453b0cc66c03dd05adc341c34059620d6fe3df
SHA256

b9c43c669d9945105729897709bd8c6a159fc3b30e26c4f92ec344940f0f4c01
SHA512

80e43dfd4a76897e5be5828224b8852029b209a5e28a58a6ea0ace6985021dd44d1bbb1a8d087a69ff38a8f562fa12cca60ed881bbd1d8df22c51b74ef4e2da2
SSDEEP

768:OR9slXZRDp3xFkPc66B66r66x66266V66266B66Z66h66L66M66/66+66E66h66s:Pd53xFklEcZJ93xFkVEkZ7d

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1520	1720	WerFault.exe	26

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 1520	1720	LEUpdater.exe	27
PID 1720 wrote to memory of 1520	1720	LEUpdater.exe	27
PID 1720 wrote to memory of 1520	1720	LEUpdater.exe	27

C:\Users\Admin\AppData\Local\Temp\Locale Emulator 讓簡體中文軟體可以正常顯示 v2.1.0.0\LEUpdater.exe
"C:\Users\Admin\AppData\Local\Temp\Locale Emulator 讓簡體中文軟體可以正常顯示 v2.1.0.0\LEUpdater.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1720 -s 536
  2⤵
  - Program crash
  PID:1520

memory/1720-54-0x0000000000D70000-0x0000000000DA6000-memory.dmp

Filesize
216KB

Download