dc2892a1f083c29fcfdaba21d8274472ad1e3aea4777e826bcbb8e9089a04978

Analysis

max time kernel
74s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 11:20

Target

dc2892a1f083c29fcfdaba21d8274472ad1e3aea4777e826bcbb8e9089a04978.exe
Size

76KB
MD5

214667d87fcee1681730fbeb936ea368
SHA1

161030a825ffb4935629f7a3c646b96739c5b890
SHA256

dc2892a1f083c29fcfdaba21d8274472ad1e3aea4777e826bcbb8e9089a04978
SHA512

7a252af653b08061af33b539d153f29cc0bb6fb5539bc0c4eb5c52cfc8c5dcfaa168cc7ff4c138c76716616fe4a3bd8dd641e287fd022b526db7abb61bfbf242
SSDEEP

1536:fxI5cb/IH9dPced3DpAdzsp2cYGyh/r5FO1uT59EQW8sU/edhZKz/U85:fxngH9SY3DSdwp23vr5FOQg05ekT5

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

560 1644 WerFault.exe dc2892a1f083c29fcfdaba21d8274472ad1e3aea4777e826bcbb8e9089a04978.exe

pid	pid_target	process	target process
560	1644	WerFault.exe	dc2892a1f083c29fcfdaba21d8274472ad1e3aea4777e826bcbb8e9089a04978.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

dc2892a1f083c29fcfdaba21d8274472ad1e3aea4777e826bcbb8e9089a04978.exe

description	pid	process	target process
PID 1644 wrote to memory of 560	1644	dc2892a1f083c29fcfdaba21d8274472ad1e3aea4777e826bcbb8e9089a04978.exe	WerFault.exe
PID 1644 wrote to memory of 560	1644	dc2892a1f083c29fcfdaba21d8274472ad1e3aea4777e826bcbb8e9089a04978.exe	WerFault.exe
PID 1644 wrote to memory of 560	1644	dc2892a1f083c29fcfdaba21d8274472ad1e3aea4777e826bcbb8e9089a04978.exe	WerFault.exe
PID 1644 wrote to memory of 560	1644	dc2892a1f083c29fcfdaba21d8274472ad1e3aea4777e826bcbb8e9089a04978.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\dc2892a1f083c29fcfdaba21d8274472ad1e3aea4777e826bcbb8e9089a04978.exe
"C:\Users\Admin\AppData\Local\Temp\dc2892a1f083c29fcfdaba21d8274472ad1e3aea4777e826bcbb8e9089a04978.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 36
2⤵
- Program crash
PID:560

memory/560-54-0x0000000000000000-mapping.dmp

Download
memory/1644-55-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download