9f20caca67a6c81b90ff3275a306d4b1ddebaef7ce52a4d575918e0d39b8601a

Analysis

max time kernel
36s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 21:30

Target

9f20caca67a6c81b90ff3275a306d4b1ddebaef7ce52a4d575918e0d39b8601a.exe
Size

788KB
MD5

0246944dcb8f8d53c9150dc0b7bf43a1
SHA1

e0402cb77f0296750f1f1dd75eccf5296a17d4d0
SHA256

9f20caca67a6c81b90ff3275a306d4b1ddebaef7ce52a4d575918e0d39b8601a
SHA512

fe5145dbbf75bb25774bd45707719e2a99b2364cb85ba91e998a5a3ed5cb1d78c49e47d699d41a1979639c8f9d7e758c85b45b704292787b13732ffe133e387d
SSDEEP

12288:i3TdtLW5WIj1YSSdFxsiSXE8zxUJe9lH/9ogH1o1s2+ZB8iSXE8zxUJr:8Dsj1dEcicDtE+H/KgVQ+kicDtEr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1696	1228	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 1696	1228	9f20caca67a6c81b90ff3275a306d4b1ddebaef7ce52a4d575918e0d39b8601a.exe	27
PID 1228 wrote to memory of 1696	1228	9f20caca67a6c81b90ff3275a306d4b1ddebaef7ce52a4d575918e0d39b8601a.exe	27
PID 1228 wrote to memory of 1696	1228	9f20caca67a6c81b90ff3275a306d4b1ddebaef7ce52a4d575918e0d39b8601a.exe	27
PID 1228 wrote to memory of 1696	1228	9f20caca67a6c81b90ff3275a306d4b1ddebaef7ce52a4d575918e0d39b8601a.exe	27

C:\Users\Admin\AppData\Local\Temp\9f20caca67a6c81b90ff3275a306d4b1ddebaef7ce52a4d575918e0d39b8601a.exe
"C:\Users\Admin\AppData\Local\Temp\9f20caca67a6c81b90ff3275a306d4b1ddebaef7ce52a4d575918e0d39b8601a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 192
  2⤵
  - Program crash
  PID:1696

memory/1228-54-0x0000000075561000-0x0000000075563000-memory.dmp

Filesize
8KB

Download
memory/1228-55-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download