7dd72aba6dce605c1511ad6a93f4971a0f0eb0a4bca0c061e9d926ae6e680f57

Analysis

max time kernel
81s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
28-11-2022 05:14

Target

7dd72aba6dce605c1511ad6a93f4971a0f0eb0a4bca0c061e9d926ae6e680f57.exe
Size

312KB
MD5

29a4c29979a8cf573f393268e1dec2a6
SHA1

16ccfe760b9073bed1c1fbf9ab00aaa10f35e217
SHA256

7dd72aba6dce605c1511ad6a93f4971a0f0eb0a4bca0c061e9d926ae6e680f57
SHA512

b83c11d6e94b39aef92ed993191dc4fe0a4184c10516deaa9a15a5bf6f6c908fbdd88b2cf7b9e5e7eb76e55f8c5a4806e361179149edff4b0665e4db0dd8cd00
SSDEEP

6144:QXNRyUj33hktUAh4KSmuH2+YPlh5W1TowUUmvr1+CMoQ2v5ObYMl:QbDjBXAhNSmO2pWXUUmiD2v5ObYMl

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
668	268	WerFault.exe	20

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 268 wrote to memory of 668	268	7dd72aba6dce605c1511ad6a93f4971a0f0eb0a4bca0c061e9d926ae6e680f57.exe	28
PID 268 wrote to memory of 668	268	7dd72aba6dce605c1511ad6a93f4971a0f0eb0a4bca0c061e9d926ae6e680f57.exe	28
PID 268 wrote to memory of 668	268	7dd72aba6dce605c1511ad6a93f4971a0f0eb0a4bca0c061e9d926ae6e680f57.exe	28
PID 268 wrote to memory of 668	268	7dd72aba6dce605c1511ad6a93f4971a0f0eb0a4bca0c061e9d926ae6e680f57.exe	28

C:\Users\Admin\AppData\Local\Temp\7dd72aba6dce605c1511ad6a93f4971a0f0eb0a4bca0c061e9d926ae6e680f57.exe
"C:\Users\Admin\AppData\Local\Temp\7dd72aba6dce605c1511ad6a93f4971a0f0eb0a4bca0c061e9d926ae6e680f57.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:268
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 36
  2⤵
  - Program crash
  PID:668

memory/268-54-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/668-55-0x0000000000000000-mapping.dmp

Download