8e58bdcdcf42239780392f91f6c336e532d99554b4d276d7ea4584b7bfda395a

Analysis

max time kernel
32s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 11:22

Target

8e58bdcdcf42239780392f91f6c336e532d99554b4d276d7ea4584b7bfda395a.exe
Size

75KB
MD5

66e9a238aca0930c9fbcd9caffb0c11a
SHA1

88aa359d54bfa3d7c6e0fa68d2ec4922fde895aa
SHA256

8e58bdcdcf42239780392f91f6c336e532d99554b4d276d7ea4584b7bfda395a
SHA512

a725ed89ea5756cafeb8c31ead351672b081f9f99da8346aa50d603e6f8fd67ab092d2ed1cf560cae085dde3c4beacc20336bb9cf2c07e39edb0f6d09b1c3d1c
SSDEEP

1536:kaQ+lEXrlmk24OtyuT3us5A3DUKPOD/309tgGaIgwOVA:blE7lmkbOtyuTes5EOz09faIkVA

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2020 872 WerFault.exe 8e58bdcdcf42239780392f91f6c336e532d99554b4d276d7ea4584b7bfda395a.exe

pid	pid_target	process	target process
2020	872	WerFault.exe	8e58bdcdcf42239780392f91f6c336e532d99554b4d276d7ea4584b7bfda395a.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

8e58bdcdcf42239780392f91f6c336e532d99554b4d276d7ea4584b7bfda395a.exe

description	pid	process	target process
PID 872 wrote to memory of 2020	872	8e58bdcdcf42239780392f91f6c336e532d99554b4d276d7ea4584b7bfda395a.exe	WerFault.exe
PID 872 wrote to memory of 2020	872	8e58bdcdcf42239780392f91f6c336e532d99554b4d276d7ea4584b7bfda395a.exe	WerFault.exe
PID 872 wrote to memory of 2020	872	8e58bdcdcf42239780392f91f6c336e532d99554b4d276d7ea4584b7bfda395a.exe	WerFault.exe
PID 872 wrote to memory of 2020	872	8e58bdcdcf42239780392f91f6c336e532d99554b4d276d7ea4584b7bfda395a.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\8e58bdcdcf42239780392f91f6c336e532d99554b4d276d7ea4584b7bfda395a.exe
"C:\Users\Admin\AppData\Local\Temp\8e58bdcdcf42239780392f91f6c336e532d99554b4d276d7ea4584b7bfda395a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 36
  2⤵
  - Program crash
  PID:2020

memory/872-55-0x0000000000400000-0x000000000042D642-memory.dmp

Filesize
181KB

Download
memory/2020-54-0x0000000000000000-mapping.dmp

Download