abd3f4c5d80174b5420638e5a4791183b1b92b690f264c2d89cc0da9e2728f27

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21-11-2022 08:34

Target

abd3f4c5d80174b5420638e5a4791183b1b92b690f264c2d89cc0da9e2728f27.exe
Size

168KB
MD5

002ce4ab8fb70f616f1e7c8845cdfb3c
SHA1

d2c6413029df4852c106dadcd6c50f8041485508
SHA256

abd3f4c5d80174b5420638e5a4791183b1b92b690f264c2d89cc0da9e2728f27
SHA512

b7e062e46f10eee0241b56e4fb335438e8cf81c10704d7b46ecf4fa5fb370ef8e2507cc7550d513d79af17759c37ec7ea301ccd81d35abf23894abc29c65dc4c
SSDEEP

3072:eb70Y1nWWpaxehi0z9oU4rEJZasrotrUeQhdcwcLn:enCeE0z+rEJZetrUXdchLn

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1556	1344	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 1556	1344	abd3f4c5d80174b5420638e5a4791183b1b92b690f264c2d89cc0da9e2728f27.exe	26
PID 1344 wrote to memory of 1556	1344	abd3f4c5d80174b5420638e5a4791183b1b92b690f264c2d89cc0da9e2728f27.exe	26
PID 1344 wrote to memory of 1556	1344	abd3f4c5d80174b5420638e5a4791183b1b92b690f264c2d89cc0da9e2728f27.exe	26
PID 1344 wrote to memory of 1556	1344	abd3f4c5d80174b5420638e5a4791183b1b92b690f264c2d89cc0da9e2728f27.exe	26

C:\Users\Admin\AppData\Local\Temp\abd3f4c5d80174b5420638e5a4791183b1b92b690f264c2d89cc0da9e2728f27.exe
"C:\Users\Admin\AppData\Local\Temp\abd3f4c5d80174b5420638e5a4791183b1b92b690f264c2d89cc0da9e2728f27.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 120
  2⤵
  - Program crash
  PID:1556

memory/1344-54-0x0000000074F41000-0x0000000074F43000-memory.dmp

Filesize
8KB

Download
memory/1344-55-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/1556-56-0x0000000000000000-mapping.dmp

Download