c8f074168a82b04049280aacebdb6d040db6a4cb741bbe17bd53cb23bdb80e0c

Analysis

max time kernel
129s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 12:36

Target

c8f074168a82b04049280aacebdb6d040db6a4cb741bbe17bd53cb23bdb80e0c.exe
Size

642KB
MD5

50df724bc3d4f27228e67ddb538ff883
SHA1

bd5dc3c5a4541c00d9ce81e5c38d9e15a9c96008
SHA256

c8f074168a82b04049280aacebdb6d040db6a4cb741bbe17bd53cb23bdb80e0c
SHA512

8651b58683bc6d5cf52b8e5b1ebb535147ca7d3580caf839cf4a97c8703f895eed1917038a50088b152b3f2f55bb8667fff554368965b3456993f19f76eae7a0
SSDEEP

12288:TG2C8wNvHLqQaeZ96DN5BrziFPm24pMPZqFwaF/c09z:TFCRvrqQa096DnRziFPm/MQFJFxJ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
940	1224	WerFault.exe	24

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1224 wrote to memory of 940	1224	c8f074168a82b04049280aacebdb6d040db6a4cb741bbe17bd53cb23bdb80e0c.exe	28
PID 1224 wrote to memory of 940	1224	c8f074168a82b04049280aacebdb6d040db6a4cb741bbe17bd53cb23bdb80e0c.exe	28
PID 1224 wrote to memory of 940	1224	c8f074168a82b04049280aacebdb6d040db6a4cb741bbe17bd53cb23bdb80e0c.exe	28
PID 1224 wrote to memory of 940	1224	c8f074168a82b04049280aacebdb6d040db6a4cb741bbe17bd53cb23bdb80e0c.exe	28

C:\Users\Admin\AppData\Local\Temp\c8f074168a82b04049280aacebdb6d040db6a4cb741bbe17bd53cb23bdb80e0c.exe
"C:\Users\Admin\AppData\Local\Temp\c8f074168a82b04049280aacebdb6d040db6a4cb741bbe17bd53cb23bdb80e0c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1224
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 156
  2⤵
  - Program crash
  PID:940

memory/1224-54-0x0000000000400000-0x0000000001469000-memory.dmp

Filesize
16.4MB

Download
memory/1224-56-0x00000000037D0000-0x000000000427F000-memory.dmp

Filesize
10.7MB

Download
memory/1224-57-0x0000000000400000-0x0000000001469000-memory.dmp

Filesize
16.4MB

Download