ebb4bb58bc0f9a6eb501fea32f4216698670666d4cd450a4095edad6d624090f

Analysis

max time kernel
32s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 16:01

Target

ebb4bb58bc0f9a6eb501fea32f4216698670666d4cd450a4095edad6d624090f.exe
Size

170KB
MD5

43c5487e528ec3952a7d429b1a37a1e6
SHA1

73cb91e30a1ebeabd209916f5337ff65d9f6286d
SHA256

ebb4bb58bc0f9a6eb501fea32f4216698670666d4cd450a4095edad6d624090f
SHA512

bf41b7d04ecac05e3624306e315239166b5004126c50b7fc5c83d6cb68f25588fc9cf82f0f7c3ba3efc68f6a44c24ba12872e5f5b93580ddf92579a090e47224
SSDEEP

3072:ivsp2z4JMWLaMrGcDzINDVpVHvsyRnoYmp25L7qouIWm4w+sCF8uzdW5dMSX:ivuoeycD+HvsAoYmp2ju44w+N8WdWjlX

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1668 1000 WerFault.exe ebb4bb58bc0f9a6eb501fea32f4216698670666d4cd450a4095edad6d624090f.exe

pid	pid_target	process	target process
1668	1000	WerFault.exe	ebb4bb58bc0f9a6eb501fea32f4216698670666d4cd450a4095edad6d624090f.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

ebb4bb58bc0f9a6eb501fea32f4216698670666d4cd450a4095edad6d624090f.exe

description	pid	process	target process
PID 1000 wrote to memory of 1668	1000	ebb4bb58bc0f9a6eb501fea32f4216698670666d4cd450a4095edad6d624090f.exe	WerFault.exe
PID 1000 wrote to memory of 1668	1000	ebb4bb58bc0f9a6eb501fea32f4216698670666d4cd450a4095edad6d624090f.exe	WerFault.exe
PID 1000 wrote to memory of 1668	1000	ebb4bb58bc0f9a6eb501fea32f4216698670666d4cd450a4095edad6d624090f.exe	WerFault.exe
PID 1000 wrote to memory of 1668	1000	ebb4bb58bc0f9a6eb501fea32f4216698670666d4cd450a4095edad6d624090f.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\ebb4bb58bc0f9a6eb501fea32f4216698670666d4cd450a4095edad6d624090f.exe
"C:\Users\Admin\AppData\Local\Temp\ebb4bb58bc0f9a6eb501fea32f4216698670666d4cd450a4095edad6d624090f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 164
  2⤵
  - Program crash
  PID:1668

memory/1000-54-0x0000000075201000-0x0000000075203000-memory.dmp

Filesize
8KB

Download
memory/1000-56-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1668-55-0x0000000000000000-mapping.dmp

Download