f72518ff5b89daf0ae094d260b70b3f7ad5669fa7884128418d22ed06b059cad

Analysis

max time kernel
31s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 18:35

Target

f72518ff5b89daf0ae094d260b70b3f7ad5669fa7884128418d22ed06b059cad.exe
Size

19KB
MD5

34a38ec76c8fd354e55df9fc5c35a815
SHA1

553fa9c46c1e9fccca2c007f8bba22d36172d0c9
SHA256

f72518ff5b89daf0ae094d260b70b3f7ad5669fa7884128418d22ed06b059cad
SHA512

5caf7fc5087949ea34a9df3145b7ddea2839667262daa84ba15b7223154c16c83aec4eee7d753b0728dad38d47027e0e1bc78d3a59887822ddcf40bd76602ec0
SSDEEP

384:Ck0TOO0ppmgqNTBdSkKLV5Igpfxb+uyqugOQJStocb4s1egS07vEnL:fTqTuk642ZbwqZJSxbH1ff78L

Score

6^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1948 1772 WerFault.exe IEXPLORE.EXE

pid	pid_target	process	target process
1948	1772	WerFault.exe	IEXPLORE.EXE

Suspicious use of SetThreadContext 1 IoCs

Processes:

f72518ff5b89daf0ae094d260b70b3f7ad5669fa7884128418d22ed06b059cad.exe

description	pid	process	target process
PID 1720 set thread context of 1772	1720	f72518ff5b89daf0ae094d260b70b3f7ad5669fa7884128418d22ed06b059cad.exe	IEXPLORE.EXE

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

f72518ff5b89daf0ae094d260b70b3f7ad5669fa7884128418d22ed06b059cad.exe

description pid process

Token: SeIncBasePriorityPrivilege 1720 f72518ff5b89daf0ae094d260b70b3f7ad5669fa7884128418d22ed06b059cad.exe

description	pid	process
Token: SeIncBasePriorityPrivilege	1720	f72518ff5b89daf0ae094d260b70b3f7ad5669fa7884128418d22ed06b059cad.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

f72518ff5b89daf0ae094d260b70b3f7ad5669fa7884128418d22ed06b059cad.exeIEXPLORE.EXE

description	pid	process	target process
PID 1720 wrote to memory of 1772	1720	f72518ff5b89daf0ae094d260b70b3f7ad5669fa7884128418d22ed06b059cad.exe	IEXPLORE.EXE
PID 1720 wrote to memory of 1772	1720	f72518ff5b89daf0ae094d260b70b3f7ad5669fa7884128418d22ed06b059cad.exe	IEXPLORE.EXE
PID 1720 wrote to memory of 1772	1720	f72518ff5b89daf0ae094d260b70b3f7ad5669fa7884128418d22ed06b059cad.exe	IEXPLORE.EXE
PID 1720 wrote to memory of 1772	1720	f72518ff5b89daf0ae094d260b70b3f7ad5669fa7884128418d22ed06b059cad.exe	IEXPLORE.EXE
PID 1720 wrote to memory of 1772	1720	f72518ff5b89daf0ae094d260b70b3f7ad5669fa7884128418d22ed06b059cad.exe	IEXPLORE.EXE
PID 1720 wrote to memory of 1772	1720	f72518ff5b89daf0ae094d260b70b3f7ad5669fa7884128418d22ed06b059cad.exe	IEXPLORE.EXE
PID 1720 wrote to memory of 1772	1720	f72518ff5b89daf0ae094d260b70b3f7ad5669fa7884128418d22ed06b059cad.exe	IEXPLORE.EXE
PID 1720 wrote to memory of 1772	1720	f72518ff5b89daf0ae094d260b70b3f7ad5669fa7884128418d22ed06b059cad.exe	IEXPLORE.EXE
PID 1772 wrote to memory of 1948	1772	IEXPLORE.EXE	WerFault.exe
PID 1772 wrote to memory of 1948	1772	IEXPLORE.EXE	WerFault.exe
PID 1772 wrote to memory of 1948	1772	IEXPLORE.EXE	WerFault.exe
PID 1772 wrote to memory of 1948	1772	IEXPLORE.EXE	WerFault.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"
2⤵
- Suspicious use of WriteProcessMemory
PID:1772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 36
3⤵
- Program crash
PID:1948

memory/1720-54-0x0000000014140000-0x0000000014149000-memory.dmp

Filesize
36KB

Download
memory/1948-55-0x0000000000000000-mapping.dmp

Download