f9583d5dbb483472396cc99edecd8bad6c2e2bc959d62f9d41b1dbc6363af257

Analysis

max time kernel
3s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 22:19

Target

f9583d5dbb483472396cc99edecd8bad6c2e2bc959d62f9d41b1dbc6363af257.exe
Size

452KB
MD5

0ed051551ef0b27e277f108d715677f0
SHA1

f6c02d78543616fad6afecaf51ba85f160e78313
SHA256

f9583d5dbb483472396cc99edecd8bad6c2e2bc959d62f9d41b1dbc6363af257
SHA512

3dbdf3a391f5b69f5bac0d24437ab3e4278b178374a8214bacc8adb2e5e013bee8eb2af3fb02981e16f7b37e0d69877acffedb5fc4e013224e5bb3184b1c99eb
SSDEEP

6144:51VHdIgi71nAv/szQIzf4Zj3JVyN/Y53fZ6ZsVb7:/VHdInSssIWjPy9Y53B6A7

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
896	1472	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 896	1472	f9583d5dbb483472396cc99edecd8bad6c2e2bc959d62f9d41b1dbc6363af257.exe	28
PID 1472 wrote to memory of 896	1472	f9583d5dbb483472396cc99edecd8bad6c2e2bc959d62f9d41b1dbc6363af257.exe	28
PID 1472 wrote to memory of 896	1472	f9583d5dbb483472396cc99edecd8bad6c2e2bc959d62f9d41b1dbc6363af257.exe	28
PID 1472 wrote to memory of 896	1472	f9583d5dbb483472396cc99edecd8bad6c2e2bc959d62f9d41b1dbc6363af257.exe	28

C:\Users\Admin\AppData\Local\Temp\f9583d5dbb483472396cc99edecd8bad6c2e2bc959d62f9d41b1dbc6363af257.exe
"C:\Users\Admin\AppData\Local\Temp\f9583d5dbb483472396cc99edecd8bad6c2e2bc959d62f9d41b1dbc6363af257.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 148
  2⤵
  - Program crash
  PID:896

memory/896-54-0x0000000000000000-mapping.dmp

Download
memory/1472-55-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download