8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646

Analysis

max time kernel
3s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 11:18

Target

8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe
Size

56KB
MD5

69e01a05993f4abae67930ce7b9bbc19
SHA1

50a749ad1be1e861f728779f97291d4ce1aafad7
SHA256

8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646
SHA512

581cc7fb27542bf74c8dc88f4725ecedf37394927ba2a21bd9f6611c285d4a52a3df2702bf439164b434d3c80cedd7686cbb49691df5ec49ad13708188e5c017
SSDEEP

1536:yZKKKGV+jNiJTyOuDL3OKsa9/VLnoYDJzLvM+a0blyEbVgx:ydplydODa9VLnoc1UyRVgx

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1756 1324 WerFault.exe 8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe

pid	pid_target	process	target process
1756	1324	WerFault.exe	8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe

description	pid	process	target process
PID 1324 wrote to memory of 1756	1324	8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe	WerFault.exe
PID 1324 wrote to memory of 1756	1324	8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe	WerFault.exe
PID 1324 wrote to memory of 1756	1324	8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe	WerFault.exe
PID 1324 wrote to memory of 1756	1324	8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe
"C:\Users\Admin\AppData\Local\Temp\8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 36
2⤵
- Program crash
PID:1756

memory/1324-55-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1756-54-0x0000000000000000-mapping.dmp

Download