27ae0c9297bd79427aa0f0521c7f0c03a455cfc5a61df44f0aa34aff4470a17b

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07-11-2022 21:59

Target

27ae0c9297bd79427aa0f0521c7f0c03a455cfc5a61df44f0aa34aff4470a17b.exe
Size

27KB
MD5

0fe5d55bcab02631ce7a4c088e1f9720
SHA1

19124d7c78291395fb3173054cb2a912f164ff65
SHA256

27ae0c9297bd79427aa0f0521c7f0c03a455cfc5a61df44f0aa34aff4470a17b
SHA512

fb70176d99d6c4e91fd617a01b9fb2aee04893339052847c9603888c631472662f4552275b8bba6f92cf5497603da6df924fc2118c719e6fcce2056521736180
SSDEEP

768:6blaZpxUesXxE+FVcCgUz+jRQKn9b1DFrO8Lyr:60HxUesBE+FMR39b1Rrly

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
896	1812	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1812 wrote to memory of 896	1812	27ae0c9297bd79427aa0f0521c7f0c03a455cfc5a61df44f0aa34aff4470a17b.exe	28
PID 1812 wrote to memory of 896	1812	27ae0c9297bd79427aa0f0521c7f0c03a455cfc5a61df44f0aa34aff4470a17b.exe	28
PID 1812 wrote to memory of 896	1812	27ae0c9297bd79427aa0f0521c7f0c03a455cfc5a61df44f0aa34aff4470a17b.exe	28
PID 1812 wrote to memory of 896	1812	27ae0c9297bd79427aa0f0521c7f0c03a455cfc5a61df44f0aa34aff4470a17b.exe	28

C:\Users\Admin\AppData\Local\Temp\27ae0c9297bd79427aa0f0521c7f0c03a455cfc5a61df44f0aa34aff4470a17b.exe
"C:\Users\Admin\AppData\Local\Temp\27ae0c9297bd79427aa0f0521c7f0c03a455cfc5a61df44f0aa34aff4470a17b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1812
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 136
  2⤵
  - Program crash
  PID:896

memory/896-54-0x0000000000000000-mapping.dmp

Download
memory/1812-55-0x0000000001000000-0x000000000100E000-memory.dmp

Filesize
56KB

Download