cd4bcc20943dfd31e5528f0ef9693a198b66f75a2c29a735d6b8b67f32d5252f

Analysis

max time kernel
7s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 11:10

Target

cd4bcc20943dfd31e5528f0ef9693a198b66f75a2c29a735d6b8b67f32d5252f.exe
Size

139KB
MD5

811b0be782e4f32d16cd7856010d64f8
SHA1

c6839b7a46001669f0ad8f6283044294714ab014
SHA256

cd4bcc20943dfd31e5528f0ef9693a198b66f75a2c29a735d6b8b67f32d5252f
SHA512

62e0c276337a83a667cee2bdcc5b69bbc2b33bbd3f1003fdf5fdb24eaeb2516f2232b73818881f270e59e9397b7b1dfd24531b6c55f9e3b90a53adaaacd0fdc2
SSDEEP

3072:J8fV4E5bRRQsA1zwLvKA3voPW3rCIVCDWnkKuiLjN:mfXdRQsA1zAwWOIVYWn8Q

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1928	1852	WerFault.exe	20

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 1928	1852	cd4bcc20943dfd31e5528f0ef9693a198b66f75a2c29a735d6b8b67f32d5252f.exe	28
PID 1852 wrote to memory of 1928	1852	cd4bcc20943dfd31e5528f0ef9693a198b66f75a2c29a735d6b8b67f32d5252f.exe	28
PID 1852 wrote to memory of 1928	1852	cd4bcc20943dfd31e5528f0ef9693a198b66f75a2c29a735d6b8b67f32d5252f.exe	28
PID 1852 wrote to memory of 1928	1852	cd4bcc20943dfd31e5528f0ef9693a198b66f75a2c29a735d6b8b67f32d5252f.exe	28

C:\Users\Admin\AppData\Local\Temp\cd4bcc20943dfd31e5528f0ef9693a198b66f75a2c29a735d6b8b67f32d5252f.exe
"C:\Users\Admin\AppData\Local\Temp\cd4bcc20943dfd31e5528f0ef9693a198b66f75a2c29a735d6b8b67f32d5252f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 36
  2⤵
  - Program crash
  PID:1928

memory/1852-55-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download