5f02d11f87d53b8e02eb1a943c553c969dc80f57bad64fedd842b5607109a141

Analysis

max time kernel
53s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:05

Target

EXEPackager/exeplayer.exe
Size

331KB
MD5

b4c13f9749f28cb66fadc9e1ea48caef
SHA1

4ea8fb495da184780a6d2239ea722d203065d72b
SHA256

304c60fc47dec2b7dada88de5b7564cdc1cee643bc744c207e285f7cba58c217
SHA512

57b2ea0c74d786ce0f09c4076521d2fc8cdfa58b872895a75c41bd9e749808a29da3d8425e1caefb153fcc75f1d71c0ea955de25ba775a9291c0f681502fc6f8
SSDEEP

6144:cGbQuXWS7OXUbEdQKICbNdEOyOZH2XH+nwo0BBTO7bJnQoO4FsfkaLzEFm:3b5XhAUSQkbNdEODW3+nwj7kDOuaLoE

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

828 1704 WerFault.exe exeplayer.exe

pid	pid_target	process	target process
828	1704	WerFault.exe	exeplayer.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

exeplayer.exe

description	pid	process	target process
PID 1704 wrote to memory of 828	1704	exeplayer.exe	WerFault.exe
PID 1704 wrote to memory of 828	1704	exeplayer.exe	WerFault.exe
PID 1704 wrote to memory of 828	1704	exeplayer.exe	WerFault.exe
PID 1704 wrote to memory of 828	1704	exeplayer.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\EXEPackager\exeplayer.exe
"C:\Users\Admin\AppData\Local\Temp\EXEPackager\exeplayer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 416
2⤵
- Program crash
PID:828

memory/828-55-0x0000000000000000-mapping.dmp

Download
memory/1704-54-0x0000000075591000-0x0000000075593000-memory.dmp

Filesize
8KB

Download