97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f

Analysis

max time kernel
39s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 13:36

Target

97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe
Size

524KB
MD5

d0fc0614b6465ed557646716af2b0574
SHA1

03df1c7d9c5773af81f36c614f7a8f472803dae8
SHA256

97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f
SHA512

c60ecf0d916637cdb23909f0415e1ab0dc58d99ced3e5cc6a54f08e5ca5c6d2cca86dcf4863a8cb9ce2e0d58de3b71889f52af5e6838ec018e991f1bb74e5cde
SSDEEP

12288:F/QVSlVUpR4Pkqg5fBrpDhVzvBVKXCuapzDBG:FoIERekqgnr3VzvSXCXD

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1764 1200 WerFault.exe 97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe

pid	pid_target	process	target process
1764	1200	WerFault.exe	97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe

description	pid	process	target process
PID 1272 wrote to memory of 1200	1272	97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe	97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe
PID 1272 wrote to memory of 1200	1272	97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe	97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe
PID 1272 wrote to memory of 1200	1272	97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe	97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe
PID 1272 wrote to memory of 1200	1272	97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe	97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe
PID 1200 wrote to memory of 1764	1200	97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe	WerFault.exe
PID 1200 wrote to memory of 1764	1200	97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe	WerFault.exe
PID 1200 wrote to memory of 1764	1200	97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe	WerFault.exe
PID 1200 wrote to memory of 1764	1200	97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe
"C:\Users\Admin\AppData\Local\Temp\97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1272

C:\Users\Admin\AppData\Local\Temp\97d2ffc9d5ca1e823d728719575d7ab4c88b63636dbf41b25b0729e20ece992f.exe
tear
2⤵
- Suspicious use of WriteProcessMemory
PID:1200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 156
3⤵
- Program crash
PID:1764

memory/1200-55-0x0000000000000000-mapping.dmp

Download
memory/1272-54-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download
memory/1272-56-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/1764-57-0x0000000000000000-mapping.dmp

Download