7d166a2ba146a9ff855ee93c3f008ab8d86202a8ff6e9d2d05eac2461e9db473

Analysis

max time kernel
9s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23/11/2022, 21:37

Target

7d166a2ba146a9ff855ee93c3f008ab8d86202a8ff6e9d2d05eac2461e9db473.exe
Size

62KB
MD5

16ebb3f1a8e14260f12db64ee0487c45
SHA1

15118b4fe8265a08ca81150d00161e119711afc4
SHA256

7d166a2ba146a9ff855ee93c3f008ab8d86202a8ff6e9d2d05eac2461e9db473
SHA512

4a9dea0fd99fd01f7797c7e4e1e87b33dc12733152153aba6d0c5bdd8f2094aa2f3ed9c9a7d025e0de83de65dcdbe939a069a7366a74e853eaa1f7806f4c7ec5
SSDEEP

1536:0qcsSQghJYvTfeIEAjh7uMtT5PmE9v5ZBKLQ3zJQ6lktwbpy:0UEOvDJpUQT5eE9v5ZBK4Jlk0y

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1728	1520	WerFault.exe	24

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 1728	1520	7d166a2ba146a9ff855ee93c3f008ab8d86202a8ff6e9d2d05eac2461e9db473.exe	27
PID 1520 wrote to memory of 1728	1520	7d166a2ba146a9ff855ee93c3f008ab8d86202a8ff6e9d2d05eac2461e9db473.exe	27
PID 1520 wrote to memory of 1728	1520	7d166a2ba146a9ff855ee93c3f008ab8d86202a8ff6e9d2d05eac2461e9db473.exe	27
PID 1520 wrote to memory of 1728	1520	7d166a2ba146a9ff855ee93c3f008ab8d86202a8ff6e9d2d05eac2461e9db473.exe	27

C:\Users\Admin\AppData\Local\Temp\7d166a2ba146a9ff855ee93c3f008ab8d86202a8ff6e9d2d05eac2461e9db473.exe
"C:\Users\Admin\AppData\Local\Temp\7d166a2ba146a9ff855ee93c3f008ab8d86202a8ff6e9d2d05eac2461e9db473.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 36
  2⤵
  - Program crash
  PID:1728

memory/1520-55-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download