cecdf69d18c192fb1bd2a7dcf6f9d271b70b5a46edaca02cc736dff5abdc1918

Analysis

max time kernel
62s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 07:42

Target

˵˵ɾ޸.exe
Size

343KB
MD5

7d317a8104d9a96d2dd45a47d4eebd86
SHA1

5e7c361187dd0da98ea6d86f2b05eecd58b1a393
SHA256

ec06dd672d9eddfa38f051d4a1e42ea03031b9d397ab18175b3c2997255f0160
SHA512

c0dfc8bcb0a80ae4bf1c9922d6e91ac231544a48367fe7de8a500d25ac695ae957dd29f56d76662279a10fe51667c6dbb0a3117a973eded1caac4377cd78615f
SSDEEP

6144:LZgpHHdejdnn8eWUK/HzPBGev+GsCFF8lO8G2lhqTXVvwtBK7eeqDJUg:ypHHdep1x+TPBBOCFmA8G2lhqTFzelDJ

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

948 1732 WerFault.exe ˵˵ɾ޸.exe

pid	pid_target	process	target process
948	1732	WerFault.exe	˵˵ɾ޸.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

˵˵ɾ޸.exe

description	pid	process	target process
PID 1732 wrote to memory of 948	1732	˵˵ɾ޸.exe	WerFault.exe
PID 1732 wrote to memory of 948	1732	˵˵ɾ޸.exe	WerFault.exe
PID 1732 wrote to memory of 948	1732	˵˵ɾ޸.exe	WerFault.exe
PID 1732 wrote to memory of 948	1732	˵˵ɾ޸.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\˵˵ɾ޸.exe
"C:\Users\Admin\AppData\Local\Temp\˵˵ɾ޸.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 212
  2⤵
  - Program crash
  PID:948

memory/948-55-0x0000000000000000-mapping.dmp

Download
memory/1732-54-0x00000000761F1000-0x00000000761F3000-memory.dmp

Filesize
8KB

Download