d973a278c7f18be4f4bfc22effef16947687667ad61b744ad85c591714678321

Analysis

max time kernel
4s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 11:00

Target

d973a278c7f18be4f4bfc22effef16947687667ad61b744ad85c591714678321.exe
Size

570KB
MD5

6b3fac99d438f640c13fd11dd244adef
SHA1

5d0dd1ec5ff75a42a7918efe41bfa596341db0ec
SHA256

d973a278c7f18be4f4bfc22effef16947687667ad61b744ad85c591714678321
SHA512

fa8417f81f6770e06fbeae3e92c4896273e28812cb746726271ea2198e98cc20a4988b559617791d1f3f047b19d229f5351602343589fc78f86157124220a01d
SSDEEP

12288:UPT3nf1JGSbYJVBz+1xbh831RYDrMZr1C:UPznf3GSbYPBz+1xbh83wfMZr1C

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1724	1284	WerFault.exe	21

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 1724	1284	d973a278c7f18be4f4bfc22effef16947687667ad61b744ad85c591714678321.exe	28
PID 1284 wrote to memory of 1724	1284	d973a278c7f18be4f4bfc22effef16947687667ad61b744ad85c591714678321.exe	28
PID 1284 wrote to memory of 1724	1284	d973a278c7f18be4f4bfc22effef16947687667ad61b744ad85c591714678321.exe	28
PID 1284 wrote to memory of 1724	1284	d973a278c7f18be4f4bfc22effef16947687667ad61b744ad85c591714678321.exe	28

C:\Users\Admin\AppData\Local\Temp\d973a278c7f18be4f4bfc22effef16947687667ad61b744ad85c591714678321.exe
"C:\Users\Admin\AppData\Local\Temp\d973a278c7f18be4f4bfc22effef16947687667ad61b744ad85c591714678321.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 196
  2⤵
  - Program crash
  PID:1724

memory/1284-54-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download
memory/1284-55-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1284-56-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download