b2e2b6924e0c042cf281b51338e6a376fb58f60994c89bf7ff20bd6abd2bdd52

Analysis

max time kernel
20s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 12:31

Target

b2e2b6924e0c042cf281b51338e6a376fb58f60994c89bf7ff20bd6abd2bdd52.exe
Size

66KB
MD5

8a6caafb640e47541dcea09b86c4b3b1
SHA1

b3c5dc7193a5654de4db4be5b2ac715ee14df48c
SHA256

b2e2b6924e0c042cf281b51338e6a376fb58f60994c89bf7ff20bd6abd2bdd52
SHA512

2f0f372ebdcd7f861a178ee5e24f7f90cf8791559a77fd7634b4740f0baeec89265e51a8ccb2a4f8606003d9edc13940a91e7a4d1aae651ce907b4fed2d01147
SSDEEP

1536:0XExGFisTQ/jLnyXoCbwHFRnIcj8ruLBHgP+2M+772hqJxxVfBd:0fVQ72Y1Tj8ruLtU+2n+G1fL

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1736	852	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 1736	852	b2e2b6924e0c042cf281b51338e6a376fb58f60994c89bf7ff20bd6abd2bdd52.exe	27
PID 852 wrote to memory of 1736	852	b2e2b6924e0c042cf281b51338e6a376fb58f60994c89bf7ff20bd6abd2bdd52.exe	27
PID 852 wrote to memory of 1736	852	b2e2b6924e0c042cf281b51338e6a376fb58f60994c89bf7ff20bd6abd2bdd52.exe	27
PID 852 wrote to memory of 1736	852	b2e2b6924e0c042cf281b51338e6a376fb58f60994c89bf7ff20bd6abd2bdd52.exe	27

C:\Users\Admin\AppData\Local\Temp\b2e2b6924e0c042cf281b51338e6a376fb58f60994c89bf7ff20bd6abd2bdd52.exe
"C:\Users\Admin\AppData\Local\Temp\b2e2b6924e0c042cf281b51338e6a376fb58f60994c89bf7ff20bd6abd2bdd52.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:852
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 36
  2⤵
  - Program crash
  PID:1736

memory/852-55-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download