feeede0c8522e3b799738ea6d68b1d4e29beba2b9bac6f676eb95561b8b5eb87

Analysis

max time kernel
34s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 19:27

Target

feeede0c8522e3b799738ea6d68b1d4e29beba2b9bac6f676eb95561b8b5eb87.exe
Size

665KB
MD5

0d86ac1b7d00520bd18eb859f23fa490
SHA1

51baaad3bc45096a721a949b46330c38a64f5242
SHA256

feeede0c8522e3b799738ea6d68b1d4e29beba2b9bac6f676eb95561b8b5eb87
SHA512

018af3358cd2dc6995dde5268c0a631a150849bb5aec80a786ca037ad5e6db0008a5959d4aad9387e1cc29acf0cbf3d8095954539c7dceaf349a4e802e5bc2d7
SSDEEP

12288:TmJQ6J3oS7pkWPvyraf9yP88Z4fDNLHgVhYaZtXo3HngULjbk8jk:TmJmStkKvIaAP9Z4fZLHgVhYYXigUjkI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1956	1856	WerFault.exe	14

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 1956	1856	feeede0c8522e3b799738ea6d68b1d4e29beba2b9bac6f676eb95561b8b5eb87.exe	27
PID 1856 wrote to memory of 1956	1856	feeede0c8522e3b799738ea6d68b1d4e29beba2b9bac6f676eb95561b8b5eb87.exe	27
PID 1856 wrote to memory of 1956	1856	feeede0c8522e3b799738ea6d68b1d4e29beba2b9bac6f676eb95561b8b5eb87.exe	27
PID 1856 wrote to memory of 1956	1856	feeede0c8522e3b799738ea6d68b1d4e29beba2b9bac6f676eb95561b8b5eb87.exe	27
PID 1856 wrote to memory of 1956	1856	feeede0c8522e3b799738ea6d68b1d4e29beba2b9bac6f676eb95561b8b5eb87.exe	27
PID 1856 wrote to memory of 1956	1856	feeede0c8522e3b799738ea6d68b1d4e29beba2b9bac6f676eb95561b8b5eb87.exe	27
PID 1856 wrote to memory of 1956	1856	feeede0c8522e3b799738ea6d68b1d4e29beba2b9bac6f676eb95561b8b5eb87.exe	27

C:\Users\Admin\AppData\Local\Temp\feeede0c8522e3b799738ea6d68b1d4e29beba2b9bac6f676eb95561b8b5eb87.exe
"C:\Users\Admin\AppData\Local\Temp\feeede0c8522e3b799738ea6d68b1d4e29beba2b9bac6f676eb95561b8b5eb87.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 268
  2⤵
  - Program crash
  PID:1956

memory/1856-54-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download
memory/1856-55-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/1856-56-0x0000000000BA0000-0x0000000000D95000-memory.dmp

Filesize
2.0MB

Download
memory/1856-58-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download