bd812331345339833722e83cf2ad6a9da04c5d66f17e85780d79aff952cbcc20

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06-11-2022 18:44

Target

bd812331345339833722e83cf2ad6a9da04c5d66f17e85780d79aff952cbcc20.exe
Size

216KB
MD5

102cfdcb0694c13b9069ed173204c940
SHA1

b5bc32dd1230dd6dd020d1a1edb74d3ab73aae10
SHA256

bd812331345339833722e83cf2ad6a9da04c5d66f17e85780d79aff952cbcc20
SHA512

3ae86cd8976b232b3b98d3d34b49cec8922c8f238b4dfc125bebc9082c4cd55581d12065f971b857df0704ef87e7b17294a48d68c04d5f7ed032dee205abc8a3
SSDEEP

3072:frYgJesTikvyxyvZcMO/6T4nIB5BAZlB/xOoa90XnJXP+IXmmFo9ALmfdP:fp5T9qAZcR/6TkINwl5a9S92smz1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1160	1284	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 1160	1284	bd812331345339833722e83cf2ad6a9da04c5d66f17e85780d79aff952cbcc20.exe	27
PID 1284 wrote to memory of 1160	1284	bd812331345339833722e83cf2ad6a9da04c5d66f17e85780d79aff952cbcc20.exe	27
PID 1284 wrote to memory of 1160	1284	bd812331345339833722e83cf2ad6a9da04c5d66f17e85780d79aff952cbcc20.exe	27
PID 1284 wrote to memory of 1160	1284	bd812331345339833722e83cf2ad6a9da04c5d66f17e85780d79aff952cbcc20.exe	27

C:\Users\Admin\AppData\Local\Temp\bd812331345339833722e83cf2ad6a9da04c5d66f17e85780d79aff952cbcc20.exe
"C:\Users\Admin\AppData\Local\Temp\bd812331345339833722e83cf2ad6a9da04c5d66f17e85780d79aff952cbcc20.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 136
  2⤵
  - Program crash
  PID:1160

memory/1160-55-0x0000000000000000-mapping.dmp

Download
memory/1284-54-0x00000000762E1000-0x00000000762E3000-memory.dmp

Filesize
8KB

Download
memory/1284-56-0x0000000001000000-0x0000000001032000-memory.dmp

Filesize
200KB

Download