2b52f7b84e08309f7d7430e72e9712a351c00b5c5c7fc7ef0cff50b755b6ffe6

Analysis

max time kernel
27s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 18:52

Target

2b52f7b84e08309f7d7430e72e9712a351c00b5c5c7fc7ef0cff50b755b6ffe6.exe
Size

184KB
MD5

4efcd92bb8f56e14b1d8345e9d2cfdcf
SHA1

9114bebb091e41dd0ec1e637972b275f7738f070
SHA256

2b52f7b84e08309f7d7430e72e9712a351c00b5c5c7fc7ef0cff50b755b6ffe6
SHA512

e579d61d0f673fdc45fe957063026e60080ff00c785df22f44eee0632a3933dd06d44f72307588cf7ed375224613f9fc3e2ac00ae7bb8a3b400744b37b2344a1
SSDEEP

3072:YDb6Fv76nbvsMcZ3eawlI88rnXD2olnb4oQZiEyXpjg:yIv76nbvsh1eI8onBVW5

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2024 1108 WerFault.exe 2b52f7b84e08309f7d7430e72e9712a351c00b5c5c7fc7ef0cff50b755b6ffe6.exe

pid	pid_target	process	target process
2024	1108	WerFault.exe	2b52f7b84e08309f7d7430e72e9712a351c00b5c5c7fc7ef0cff50b755b6ffe6.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

2b52f7b84e08309f7d7430e72e9712a351c00b5c5c7fc7ef0cff50b755b6ffe6.exe

description	pid	process	target process
PID 1108 wrote to memory of 2024	1108	2b52f7b84e08309f7d7430e72e9712a351c00b5c5c7fc7ef0cff50b755b6ffe6.exe	WerFault.exe
PID 1108 wrote to memory of 2024	1108	2b52f7b84e08309f7d7430e72e9712a351c00b5c5c7fc7ef0cff50b755b6ffe6.exe	WerFault.exe
PID 1108 wrote to memory of 2024	1108	2b52f7b84e08309f7d7430e72e9712a351c00b5c5c7fc7ef0cff50b755b6ffe6.exe	WerFault.exe
PID 1108 wrote to memory of 2024	1108	2b52f7b84e08309f7d7430e72e9712a351c00b5c5c7fc7ef0cff50b755b6ffe6.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\2b52f7b84e08309f7d7430e72e9712a351c00b5c5c7fc7ef0cff50b755b6ffe6.exe
"C:\Users\Admin\AppData\Local\Temp\2b52f7b84e08309f7d7430e72e9712a351c00b5c5c7fc7ef0cff50b755b6ffe6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 148
2⤵
- Program crash
PID:2024

memory/1108-55-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2024-54-0x0000000000000000-mapping.dmp

Download