afe219a0f4170949cda00b98150601734cd3b6e73a3198fc539caac90bdd7dfd

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 07:24

Target

2008传奇通用登陆器配置工具-(奥运版)√/2008传奇通用登陆器配置工具-(奥运版)√/登陆器配置器.exe
Size

3.0MB
MD5

40d75fb57922994a1ca2d9e185ee6ee8
SHA1

cc5ae56c896151f81b748e1562fc9fae08fc7494
SHA256

8318c22a9aff0d777288f92211a71dc2f1ce97fe7bae6317291ba77feacb2d70
SHA512

0c25633b54c61061d34f5f07edeb4351f2dd61a3dc958d09d2c1ff1e0bf1ad8daa15279e04cc75de33a9bffab821f52c9e9d6fc34edd9cedae0c5e71f59bf9ff
SSDEEP

98304:Raem5WG6VosTXOzIC2UW/0dW0ZkESsvD/D+donCYUy9:qVsRTIRZ97/A1YX

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1324	1644	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 1324	1644	登陆器配置器.exe	28
PID 1644 wrote to memory of 1324	1644	登陆器配置器.exe	28
PID 1644 wrote to memory of 1324	1644	登陆器配置器.exe	28
PID 1644 wrote to memory of 1324	1644	登陆器配置器.exe	28

C:\Users\Admin\AppData\Local\Temp\2008传奇通用登陆器配置工具-(奥运版)√\2008传奇通用登陆器配置工具-(奥运版)√\登陆器配置器.exe
"C:\Users\Admin\AppData\Local\Temp\2008传奇通用登陆器配置工具-(奥运版)√\2008传奇通用登陆器配置工具-(奥运版)√\登陆器配置器.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 92
  2⤵
  - Program crash
  PID:1324