73f9d38fb65bd5915325b99692fb40b4e6b0e7b593ce20e533cc7e7e3063dbaf

Analysis

max time kernel
36s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 18:58

Target

73f9d38fb65bd5915325b99692fb40b4e6b0e7b593ce20e533cc7e7e3063dbaf.exe
Size

216KB
MD5

0e3514b6fb24bf9b1803c5ab65867c11
SHA1

af384d914e23795cb922b2c41c56d0e45b67e2a4
SHA256

73f9d38fb65bd5915325b99692fb40b4e6b0e7b593ce20e533cc7e7e3063dbaf
SHA512

fdb1fd6569a5c2bdc1b6ca2430ad04e4cbc19eec85a4e5168c2e058c009f360dc93383e7c76c45af747bfa1f800f95f41c4cbcc718fb902c7e4a7f9490f06ef7
SSDEEP

3072:UrYgJesrikvyxyvZcMO/6T4nIB5BAZlB/x22ShYf6uSrr0RA2ZodnSOyNbL:Up5r9qAZcR/6TkINwlrVYYf6SXOdJmL

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1964	1428	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 1964	1428	73f9d38fb65bd5915325b99692fb40b4e6b0e7b593ce20e533cc7e7e3063dbaf.exe	26
PID 1428 wrote to memory of 1964	1428	73f9d38fb65bd5915325b99692fb40b4e6b0e7b593ce20e533cc7e7e3063dbaf.exe	26
PID 1428 wrote to memory of 1964	1428	73f9d38fb65bd5915325b99692fb40b4e6b0e7b593ce20e533cc7e7e3063dbaf.exe	26
PID 1428 wrote to memory of 1964	1428	73f9d38fb65bd5915325b99692fb40b4e6b0e7b593ce20e533cc7e7e3063dbaf.exe	26

C:\Users\Admin\AppData\Local\Temp\73f9d38fb65bd5915325b99692fb40b4e6b0e7b593ce20e533cc7e7e3063dbaf.exe
"C:\Users\Admin\AppData\Local\Temp\73f9d38fb65bd5915325b99692fb40b4e6b0e7b593ce20e533cc7e7e3063dbaf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 136
  2⤵
  - Program crash
  PID:1964

memory/1428-54-0x00000000754E1000-0x00000000754E3000-memory.dmp

Filesize
8KB

Download
memory/1428-55-0x0000000001000000-0x0000000001033000-memory.dmp

Filesize
204KB

Download