c93137d21e9fb39b6d4bed9fe8307b7975a0e387a684d3e7319c6f37fbd5ae1a

Analysis

max time kernel
3s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 12:18

Target

c93137d21e9fb39b6d4bed9fe8307b7975a0e387a684d3e7319c6f37fbd5ae1a.exe
Size

24KB
MD5

922d86530f5d9f454d0a39a5937abd69
SHA1

0ae1cdd12e7903d142315f616bcc4a4d94fe401c
SHA256

c93137d21e9fb39b6d4bed9fe8307b7975a0e387a684d3e7319c6f37fbd5ae1a
SHA512

55f4f0a1a40a85dbb08f05f0de716cc93aacdc66a568b3e2af08ed35c6c4091be0e39695d556f525426412aca6696ad5163ba71035f8b549f4fc1d6bfa8d760a
SSDEEP

384:WLkWxiJTFQHMsFZ9/BTISuE4cwniEdc+qx8TzzRK5YR/VMLRHHlgiZNkDJjJ3hcO:HWZ9/B8FcIiE2+vHKkVExlgisDJJx40d

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2044	1060	WerFault.exe	17

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1060 wrote to memory of 2044	1060	c93137d21e9fb39b6d4bed9fe8307b7975a0e387a684d3e7319c6f37fbd5ae1a.exe	28
PID 1060 wrote to memory of 2044	1060	c93137d21e9fb39b6d4bed9fe8307b7975a0e387a684d3e7319c6f37fbd5ae1a.exe	28
PID 1060 wrote to memory of 2044	1060	c93137d21e9fb39b6d4bed9fe8307b7975a0e387a684d3e7319c6f37fbd5ae1a.exe	28
PID 1060 wrote to memory of 2044	1060	c93137d21e9fb39b6d4bed9fe8307b7975a0e387a684d3e7319c6f37fbd5ae1a.exe	28

C:\Users\Admin\AppData\Local\Temp\c93137d21e9fb39b6d4bed9fe8307b7975a0e387a684d3e7319c6f37fbd5ae1a.exe
"C:\Users\Admin\AppData\Local\Temp\c93137d21e9fb39b6d4bed9fe8307b7975a0e387a684d3e7319c6f37fbd5ae1a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1060
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 88
  2⤵
  - Program crash
  PID:2044

memory/1060-55-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download