8bc3054d971d3d5b2636a6e4bb0f36c1ea99f22ee1adec82610808e7393a872b

Analysis

max time kernel
24s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 11:51

Target

8bc3054d971d3d5b2636a6e4bb0f36c1ea99f22ee1adec82610808e7393a872b.exe
Size

111KB
MD5

0f63f6c163d05497a11cddfb386d4960
SHA1

0dc8dcd9c221c262e6315272648f7106f11e5e55
SHA256

8bc3054d971d3d5b2636a6e4bb0f36c1ea99f22ee1adec82610808e7393a872b
SHA512

5325f4f783c1b32d1830aaef0a5d03bc41fa134c54c016e0a9171a4927e67d9497e2425fbb2579f0769acbee328d9ffe4d86bf0510b77671f8f1f6a252e66c2f
SSDEEP

3072:OOtVKFsL9Vjp4RD7Bq1fyyvHl+J3ngWEN:PV99ViRQ5yhd

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1884	608	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 608 wrote to memory of 1884	608	8bc3054d971d3d5b2636a6e4bb0f36c1ea99f22ee1adec82610808e7393a872b.exe	28
PID 608 wrote to memory of 1884	608	8bc3054d971d3d5b2636a6e4bb0f36c1ea99f22ee1adec82610808e7393a872b.exe	28
PID 608 wrote to memory of 1884	608	8bc3054d971d3d5b2636a6e4bb0f36c1ea99f22ee1adec82610808e7393a872b.exe	28
PID 608 wrote to memory of 1884	608	8bc3054d971d3d5b2636a6e4bb0f36c1ea99f22ee1adec82610808e7393a872b.exe	28

C:\Users\Admin\AppData\Local\Temp\8bc3054d971d3d5b2636a6e4bb0f36c1ea99f22ee1adec82610808e7393a872b.exe
"C:\Users\Admin\AppData\Local\Temp\8bc3054d971d3d5b2636a6e4bb0f36c1ea99f22ee1adec82610808e7393a872b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:608
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 540
  2⤵
  - Program crash
  PID:1884

memory/608-54-0x0000000000F40000-0x0000000000F62000-memory.dmp

Filesize
136KB

Download