70420eee3423abbf9905752135c427ba679ee17cf1cfd9b0eb3cfab19f570cbd

Analysis

max time kernel
30s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 03:41

Target

70420eee3423abbf9905752135c427ba679ee17cf1cfd9b0eb3cfab19f570cbd.exe
Size

259KB
MD5

0f57f486150ce7b322a1b6d8bb97df02
SHA1

1aa39f85ba421255456646b2ff6630e7b160af51
SHA256

70420eee3423abbf9905752135c427ba679ee17cf1cfd9b0eb3cfab19f570cbd
SHA512

44088d43c542a5424f88a79cbc6d7be94e481a0191913b0553960d15d55ba85b2b927a2a1fe177c2d7c7d73819957713d91907ceb5eff9e9db7fdba6b78bb96a
SSDEEP

3072:RnnAQVG/LytaKItS/fiLKS+f5Aq7iVs11fJ2lKY3fsntI0r6lNSYkkerMt54UnOZ:5OTeHI8HiL7+f5N11hPG0n6SJaC6TA1P

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1700	1536	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 1700	1536	70420eee3423abbf9905752135c427ba679ee17cf1cfd9b0eb3cfab19f570cbd.exe	28
PID 1536 wrote to memory of 1700	1536	70420eee3423abbf9905752135c427ba679ee17cf1cfd9b0eb3cfab19f570cbd.exe	28
PID 1536 wrote to memory of 1700	1536	70420eee3423abbf9905752135c427ba679ee17cf1cfd9b0eb3cfab19f570cbd.exe	28
PID 1536 wrote to memory of 1700	1536	70420eee3423abbf9905752135c427ba679ee17cf1cfd9b0eb3cfab19f570cbd.exe	28

C:\Users\Admin\AppData\Local\Temp\70420eee3423abbf9905752135c427ba679ee17cf1cfd9b0eb3cfab19f570cbd.exe
"C:\Users\Admin\AppData\Local\Temp\70420eee3423abbf9905752135c427ba679ee17cf1cfd9b0eb3cfab19f570cbd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 172
  2⤵
  - Program crash
  PID:1700

memory/1536-54-0x00000000764C1000-0x00000000764C3000-memory.dmp

Filesize
8KB

Download
memory/1536-56-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1700-55-0x0000000000000000-mapping.dmp

Download