440d277e9ebd78c2e7aff75f2d825b57a1949cb5183ca25ffcc85d40c6bfd04f

Analysis

max time kernel
8s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28-11-2022 02:46

Target

传奇私服刷元宝外挂工具（体验版）/传奇私服刷元宝外挂专业版.exe
Size

3.9MB
MD5

2becedfd4bce37ae8a744086814aa8ff
SHA1

785d3e17a1983a6e9a7bb22784947ae28645a37d
SHA256

d0a32fddf631cbda1374d83e04767c8783bc44aa3ea6669e6b44181ed1237247
SHA512

e690f76aa060abbdd190b8a1826009900f1dc8de1dcc2d180531fc9e2acf9679d90720c749d78ed6450a28a38361b954417b6f0016c5456e07a81da5280f2a31
SSDEEP

49152:a3LW8RVteezWGxnnUJg3MctQDV/ymoZ9aEGVjri4XeY99u6tjfJEgRm5UKESz:aaYVhxnUgc7B/yjaEGVjriUXPuK1Rmtz

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1724 884 WerFault.exe 传奇私服刷元宝外挂专业版.exe

pid	pid_target	process	target process
1724	884	WerFault.exe	传奇私服刷元宝外挂专业版.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

传奇私服刷元宝外挂专业版.exe

description	pid	process	target process
PID 884 wrote to memory of 1724	884	传奇私服刷元宝外挂专业版.exe	WerFault.exe
PID 884 wrote to memory of 1724	884	传奇私服刷元宝外挂专业版.exe	WerFault.exe
PID 884 wrote to memory of 1724	884	传奇私服刷元宝外挂专业版.exe	WerFault.exe
PID 884 wrote to memory of 1724	884	传奇私服刷元宝外挂专业版.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\传奇私服刷元宝外挂工具（体验版）\传奇私服刷元宝外挂专业版.exe
"C:\Users\Admin\AppData\Local\Temp\传奇私服刷元宝外挂工具（体验版）\传奇私服刷元宝外挂专业版.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:884
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 120
  2⤵
  - Program crash
  PID:1724

memory/884-54-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download
memory/1724-55-0x0000000000000000-mapping.dmp

Download