61da6085bd0c99af35a31fcd02a22eb70b40da188488be7e7d8f3a5f88bbe957

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 08:13

Target

QQ炫舞+连续登陆5天送QQ绿钻/教程.exe
Size

11.0MB
MD5

897b65ae7733feba6fba0980292d2a76
SHA1

7b11ac62f819f24fc7a328ba0a96edea3c830ea7
SHA256

008fb14f334883705abe000c48bf9da1f6f6660d0326fa0fc150fd8a8ff51330
SHA512

ed556b786eb5ce5c77de6e4a011f59de4636f41af4103d043032a36b6d6cac2883bd75433c9ce1459fe4a45ac6b71a471573b056c16837f37b7d4a3d4e337dd2
SSDEEP

196608:6S2VKKt/Ar7jNz0YAwtzL4B8Wc1MovHsSlJCSumeChKKDeR3zZsxNMMVqMh8ReE+:YVKvrlF7tX0891MovHshSGSeR3z8N3V5

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1128 2016 WerFault.exe 教程.exe

pid	pid_target	process	target process
1128	2016	WerFault.exe	教程.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

教程.exe

description	pid	process	target process
PID 2016 wrote to memory of 1128	2016	教程.exe	WerFault.exe
PID 2016 wrote to memory of 1128	2016	教程.exe	WerFault.exe
PID 2016 wrote to memory of 1128	2016	教程.exe	WerFault.exe
PID 2016 wrote to memory of 1128	2016	教程.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\QQ炫舞+连续登陆5天送QQ绿钻\教程.exe
"C:\Users\Admin\AppData\Local\Temp\QQ炫舞+连续登陆5天送QQ绿钻\教程.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 172
2⤵
- Program crash
PID:1128

memory/1128-55-0x0000000000000000-mapping.dmp

Download
memory/2016-54-0x0000000075A71000-0x0000000075A73000-memory.dmp

Filesize
8KB

Download