cf99c2a2770be2f620e7dae653f783e2b2e2a58d0828a95a69ffe894f97e7c68

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 18:42

Target

cf99c2a2770be2f620e7dae653f783e2b2e2a58d0828a95a69ffe894f97e7c68.exe
Size

272KB
MD5

089b0e0e13c5726561d13f5eda43dd71
SHA1

7896f14af6546166c288a250b7eac3e865c5f5b2
SHA256

cf99c2a2770be2f620e7dae653f783e2b2e2a58d0828a95a69ffe894f97e7c68
SHA512

bf94f9090604c0986f17cfef3774f37400eaf6de72c5c4f83e4cbf2740a98fb16d6a71b528f5eff58c0ce8c99361ebef95af896dff5499c143c9f44718aab8df
SSDEEP

6144:F4GqAg6YFPoPjB3EIGNsU4xkXMCzHgd5XP:F4GhJ13EZNsbxkXfzSXP

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1992	456	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 1992	456	cf99c2a2770be2f620e7dae653f783e2b2e2a58d0828a95a69ffe894f97e7c68.exe	28
PID 456 wrote to memory of 1992	456	cf99c2a2770be2f620e7dae653f783e2b2e2a58d0828a95a69ffe894f97e7c68.exe	28
PID 456 wrote to memory of 1992	456	cf99c2a2770be2f620e7dae653f783e2b2e2a58d0828a95a69ffe894f97e7c68.exe	28
PID 456 wrote to memory of 1992	456	cf99c2a2770be2f620e7dae653f783e2b2e2a58d0828a95a69ffe894f97e7c68.exe	28

C:\Users\Admin\AppData\Local\Temp\cf99c2a2770be2f620e7dae653f783e2b2e2a58d0828a95a69ffe894f97e7c68.exe
"C:\Users\Admin\AppData\Local\Temp\cf99c2a2770be2f620e7dae653f783e2b2e2a58d0828a95a69ffe894f97e7c68.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:456
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 456 -s 152
  2⤵
  - Program crash
  PID:1992

memory/456-55-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download