b4b3ba114ad79eb96b5d66b9f9e9a73480472da1dd82d7a2fb5de837efbdcbda

Analysis

max time kernel
238s
max time network
337s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 11:29

Target

b4b3ba114ad79eb96b5d66b9f9e9a73480472da1dd82d7a2fb5de837efbdcbda.exe
Size

410KB
MD5

c86c607af3e7a2363c519f8c2d4ea50e
SHA1

2429e505445dab7a671a4f429ca498162a82b35a
SHA256

b4b3ba114ad79eb96b5d66b9f9e9a73480472da1dd82d7a2fb5de837efbdcbda
SHA512

c2b7a84fdc33a4c35a484e8b075a64d0450917ff32100bb4925951b592a418f17550692f1e2b0531a36e185fa3b14955d751cf3344247063b6568701cca1f41e
SSDEEP

6144:+ptvC7TlGDMoqJnD48CCKVBzakE7G/XAxb5vSr31RYDrLhCxPJA:sC7ZrRD48CJVBz+1xbh831RYDrd

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1760	1872	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 1760	1872	b4b3ba114ad79eb96b5d66b9f9e9a73480472da1dd82d7a2fb5de837efbdcbda.exe	27
PID 1872 wrote to memory of 1760	1872	b4b3ba114ad79eb96b5d66b9f9e9a73480472da1dd82d7a2fb5de837efbdcbda.exe	27
PID 1872 wrote to memory of 1760	1872	b4b3ba114ad79eb96b5d66b9f9e9a73480472da1dd82d7a2fb5de837efbdcbda.exe	27
PID 1872 wrote to memory of 1760	1872	b4b3ba114ad79eb96b5d66b9f9e9a73480472da1dd82d7a2fb5de837efbdcbda.exe	27

C:\Users\Admin\AppData\Local\Temp\b4b3ba114ad79eb96b5d66b9f9e9a73480472da1dd82d7a2fb5de837efbdcbda.exe
"C:\Users\Admin\AppData\Local\Temp\b4b3ba114ad79eb96b5d66b9f9e9a73480472da1dd82d7a2fb5de837efbdcbda.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 196
  2⤵
  - Program crash
  PID:1760

memory/1872-54-0x0000000075C11000-0x0000000075C13000-memory.dmp

Filesize
8KB

Download
memory/1872-55-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1872-57-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download