37ea8de2dc1a5a825f369d8e70b8d4cb9bad9cbb8ba0171cfe484dfd28c00833

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
21-11-2022 12:07

Target

37ea8de2dc1a5a825f369d8e70b8d4cb9bad9cbb8ba0171cfe484dfd28c00833.exe
Size

300KB
MD5

3118b1d4bbd567e89e9061fe57e5adb0
SHA1

38dc314a6d7226709406716048d9e431420a241b
SHA256

37ea8de2dc1a5a825f369d8e70b8d4cb9bad9cbb8ba0171cfe484dfd28c00833
SHA512

1dcdc4c996f8221f58b0180c6fac38f3b0f67e10636e03f6e650d6736124235a0e758893a8b8b96255f1f0251e7e9defb7269eb79e7b93e685bc53aa5d8a8bad
SSDEEP

6144:MHT33KP4gbJzT6+Jygc0eOfsb80F5KSsQLH5Az:MDKPPJH6G3c0xfsb96SsPz

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2028	1380	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 2028	1380	37ea8de2dc1a5a825f369d8e70b8d4cb9bad9cbb8ba0171cfe484dfd28c00833.exe	27
PID 1380 wrote to memory of 2028	1380	37ea8de2dc1a5a825f369d8e70b8d4cb9bad9cbb8ba0171cfe484dfd28c00833.exe	27
PID 1380 wrote to memory of 2028	1380	37ea8de2dc1a5a825f369d8e70b8d4cb9bad9cbb8ba0171cfe484dfd28c00833.exe	27
PID 1380 wrote to memory of 2028	1380	37ea8de2dc1a5a825f369d8e70b8d4cb9bad9cbb8ba0171cfe484dfd28c00833.exe	27

C:\Users\Admin\AppData\Local\Temp\37ea8de2dc1a5a825f369d8e70b8d4cb9bad9cbb8ba0171cfe484dfd28c00833.exe
"C:\Users\Admin\AppData\Local\Temp\37ea8de2dc1a5a825f369d8e70b8d4cb9bad9cbb8ba0171cfe484dfd28c00833.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 140
  2⤵
  - Program crash
  PID:2028

memory/1380-55-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download