200ee0581c89bc96fd729c20e2aa91fb71839a5ac8c025593066139e5c6459b9

Analysis

max time kernel
2s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 11:24

Target

200ee0581c89bc96fd729c20e2aa91fb71839a5ac8c025593066139e5c6459b9.exe
Size

67KB
MD5

4d2490bfb9e3c599f1130049089f4669
SHA1

4fb088d4e1c9529f172fde934fe1a54951c18eba
SHA256

200ee0581c89bc96fd729c20e2aa91fb71839a5ac8c025593066139e5c6459b9
SHA512

6bb5b4e2a2ee41d3d65d6de9ca9abec31832e3fca08249bc9e50b946a506d8c29157ba18f953af0335948787393d74dd6291107a5cba94b859fdcbbeb1368cec
SSDEEP

1536:A2p5cwVgzj//Cu1ZiJznI270ynj6Eg10B+vM10dkHK:Xk/CuWnZ/uEg1uDLHK

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1756 1324 WerFault.exe 200ee0581c89bc96fd729c20e2aa91fb71839a5ac8c025593066139e5c6459b9.exe

pid	pid_target	process	target process
1756	1324	WerFault.exe	200ee0581c89bc96fd729c20e2aa91fb71839a5ac8c025593066139e5c6459b9.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

200ee0581c89bc96fd729c20e2aa91fb71839a5ac8c025593066139e5c6459b9.exe

description	pid	process	target process
PID 1324 wrote to memory of 1756	1324	200ee0581c89bc96fd729c20e2aa91fb71839a5ac8c025593066139e5c6459b9.exe	WerFault.exe
PID 1324 wrote to memory of 1756	1324	200ee0581c89bc96fd729c20e2aa91fb71839a5ac8c025593066139e5c6459b9.exe	WerFault.exe
PID 1324 wrote to memory of 1756	1324	200ee0581c89bc96fd729c20e2aa91fb71839a5ac8c025593066139e5c6459b9.exe	WerFault.exe
PID 1324 wrote to memory of 1756	1324	200ee0581c89bc96fd729c20e2aa91fb71839a5ac8c025593066139e5c6459b9.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\200ee0581c89bc96fd729c20e2aa91fb71839a5ac8c025593066139e5c6459b9.exe
"C:\Users\Admin\AppData\Local\Temp\200ee0581c89bc96fd729c20e2aa91fb71839a5ac8c025593066139e5c6459b9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 36
2⤵
- Program crash
PID:1756

memory/1324-54-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1756-55-0x0000000000000000-mapping.dmp

Download