abcc58219e92ce2a6c2ec4a5d14efdd09b3b7d126ed0081d8ad453c25bef7b67

Analysis

max time kernel
12s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 06:23

Target

abcc58219e92ce2a6c2ec4a5d14efdd09b3b7d126ed0081d8ad453c25bef7b67.exe
Size

43KB
MD5

9a9dcb821283e03142b96c240348ee11
SHA1

42843ee12bf8c40ffab111f120ec0638d32f47de
SHA256

abcc58219e92ce2a6c2ec4a5d14efdd09b3b7d126ed0081d8ad453c25bef7b67
SHA512

751673b4b5bf1135c6d616a1c0370e55f9a5f89992df19c4a7db1ad4410194240b64096b5fca3fcb6825e4418f48ba1cd3db04e8f2a12a6031393d5e9c796d5f
SSDEEP

768:+QlPQMYxL4Lx/4HF76PQjzZ4x+NXmM5v8sY/l9tBk4yu2kVUValkjY:ReMgogHF7Z3NX3v69jTfdqsR

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1928	1460	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 1928	1460	abcc58219e92ce2a6c2ec4a5d14efdd09b3b7d126ed0081d8ad453c25bef7b67.exe	29
PID 1460 wrote to memory of 1928	1460	abcc58219e92ce2a6c2ec4a5d14efdd09b3b7d126ed0081d8ad453c25bef7b67.exe	29
PID 1460 wrote to memory of 1928	1460	abcc58219e92ce2a6c2ec4a5d14efdd09b3b7d126ed0081d8ad453c25bef7b67.exe	29
PID 1460 wrote to memory of 1928	1460	abcc58219e92ce2a6c2ec4a5d14efdd09b3b7d126ed0081d8ad453c25bef7b67.exe	29

C:\Users\Admin\AppData\Local\Temp\abcc58219e92ce2a6c2ec4a5d14efdd09b3b7d126ed0081d8ad453c25bef7b67.exe
"C:\Users\Admin\AppData\Local\Temp\abcc58219e92ce2a6c2ec4a5d14efdd09b3b7d126ed0081d8ad453c25bef7b67.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 540
  2⤵
  - Program crash
  PID:1928

memory/1460-54-0x0000000000CB0000-0x0000000000CBE000-memory.dmp

Filesize
56KB

Download