9d25f301201b6a6c93932de6fc2f83359c78495d2ff748f476a2e0f11cff5452

Analysis

max time kernel
36s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07-11-2022 11:27

Target

9d25f301201b6a6c93932de6fc2f83359c78495d2ff748f476a2e0f11cff5452.exe
Size

13KB
MD5

079d21b27ab8c5ff5df83ccf0a3da11c
SHA1

1719d5dee29531b899a1120bd448311885de69ce
SHA256

9d25f301201b6a6c93932de6fc2f83359c78495d2ff748f476a2e0f11cff5452
SHA512

af9ccceefdfa94eb02e5e79c0481b24a0d5572818af93fe4bec8c40a553acb60bedad0e9a083e5cd13935c2eaaf99c3d2497f15dd5795754d219ceb6168eb908
SSDEEP

384:LcROh9ylpKLQlbGEarA8s6XDEavUAwzrXe5jfzt:LcRuqplkzrA871UzX+jrt

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
608	1648	WerFault.exe	8

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 608	1648	9d25f301201b6a6c93932de6fc2f83359c78495d2ff748f476a2e0f11cff5452.exe	28
PID 1648 wrote to memory of 608	1648	9d25f301201b6a6c93932de6fc2f83359c78495d2ff748f476a2e0f11cff5452.exe	28
PID 1648 wrote to memory of 608	1648	9d25f301201b6a6c93932de6fc2f83359c78495d2ff748f476a2e0f11cff5452.exe	28
PID 1648 wrote to memory of 608	1648	9d25f301201b6a6c93932de6fc2f83359c78495d2ff748f476a2e0f11cff5452.exe	28

C:\Users\Admin\AppData\Local\Temp\9d25f301201b6a6c93932de6fc2f83359c78495d2ff748f476a2e0f11cff5452.exe
"C:\Users\Admin\AppData\Local\Temp\9d25f301201b6a6c93932de6fc2f83359c78495d2ff748f476a2e0f11cff5452.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 36
  2⤵
  - Program crash
  PID:608

memory/608-54-0x0000000000000000-mapping.dmp

Download
memory/1648-55-0x0000000013140000-0x000000001317E000-memory.dmp

Filesize
248KB

Download