16a1509daf3d2483d060bdcd61719d00873e391074ee5d3ba542b72087615cf3

Analysis

max time kernel
30s
max time network
176s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 20:46

Target

16a1509daf3d2483d060bdcd61719d00873e391074ee5d3ba542b72087615cf3.exe
Size

595KB
MD5

4f9f0b8ea80d2362450784b7c5784198
SHA1

522411481829f0675fe5aae3a0e5e121b0799ef8
SHA256

16a1509daf3d2483d060bdcd61719d00873e391074ee5d3ba542b72087615cf3
SHA512

dff0911b65ddeb74dca5cc563e952005dcab38a82667a914f3bfe90b8fe552da3dad38a485c299a801f9f2fdd9f3cf00a10e2fd4ca0a1e6dc1db0854808f83d5
SSDEEP

12288:1XBKOsNlrnGq9ncE3620BxrZdqMS6+YOhper5:bYlrXnZKJXKo+Je5

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1108	1724	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 1108	1724	16a1509daf3d2483d060bdcd61719d00873e391074ee5d3ba542b72087615cf3.exe	28
PID 1724 wrote to memory of 1108	1724	16a1509daf3d2483d060bdcd61719d00873e391074ee5d3ba542b72087615cf3.exe	28
PID 1724 wrote to memory of 1108	1724	16a1509daf3d2483d060bdcd61719d00873e391074ee5d3ba542b72087615cf3.exe	28
PID 1724 wrote to memory of 1108	1724	16a1509daf3d2483d060bdcd61719d00873e391074ee5d3ba542b72087615cf3.exe	28

C:\Users\Admin\AppData\Local\Temp\16a1509daf3d2483d060bdcd61719d00873e391074ee5d3ba542b72087615cf3.exe
"C:\Users\Admin\AppData\Local\Temp\16a1509daf3d2483d060bdcd61719d00873e391074ee5d3ba542b72087615cf3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 72
  2⤵
  - Program crash
  PID:1108

memory/1724-54-0x0000000001370000-0x000000000140A000-memory.dmp

Filesize
616KB

Download
memory/1724-56-0x0000000001370000-0x000000000140A000-memory.dmp

Filesize
616KB

Download