6680350f9c88e878bb85c778fdff4ca2db237f93cb714a797b38ed55ff81366f

Analysis

max time kernel
123s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 03:49

Target

6680350f9c88e878bb85c778fdff4ca2db237f93cb714a797b38ed55ff81366f.exe
Size

142KB
MD5

027d77b772646885495ee6bc9ce9fd05
SHA1

88a68a005a8b65539c5c06dea542d89a57705440
SHA256

6680350f9c88e878bb85c778fdff4ca2db237f93cb714a797b38ed55ff81366f
SHA512

6d162325a28e8a7f376978d078fe8893e6e4529d1412848a3e714b28a8777b1241518b041efb65dfaddb9140b70eec1c9007a9b2c713a5aef21e4dab9c2a9b57
SSDEEP

3072:FQKn0kJJ3aLjNR348Pb5E8MaIAmz0YQnxzGSAcb:FQK0qJ3uD48TIeFxzGSb

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
592	1224	WerFault.exe	10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1224 wrote to memory of 588	1224	6680350f9c88e878bb85c778fdff4ca2db237f93cb714a797b38ed55ff81366f.exe	28
PID 1224 wrote to memory of 588	1224	6680350f9c88e878bb85c778fdff4ca2db237f93cb714a797b38ed55ff81366f.exe	28
PID 1224 wrote to memory of 588	1224	6680350f9c88e878bb85c778fdff4ca2db237f93cb714a797b38ed55ff81366f.exe	28
PID 1224 wrote to memory of 588	1224	6680350f9c88e878bb85c778fdff4ca2db237f93cb714a797b38ed55ff81366f.exe	28
PID 1224 wrote to memory of 592	1224	6680350f9c88e878bb85c778fdff4ca2db237f93cb714a797b38ed55ff81366f.exe	29
PID 1224 wrote to memory of 592	1224	6680350f9c88e878bb85c778fdff4ca2db237f93cb714a797b38ed55ff81366f.exe	29
PID 1224 wrote to memory of 592	1224	6680350f9c88e878bb85c778fdff4ca2db237f93cb714a797b38ed55ff81366f.exe	29
PID 1224 wrote to memory of 592	1224	6680350f9c88e878bb85c778fdff4ca2db237f93cb714a797b38ed55ff81366f.exe	29

C:\Users\Admin\AppData\Local\Temp\6680350f9c88e878bb85c778fdff4ca2db237f93cb714a797b38ed55ff81366f.exe
"C:\Users\Admin\AppData\Local\Temp\6680350f9c88e878bb85c778fdff4ca2db237f93cb714a797b38ed55ff81366f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1224
- C:\Users\Admin\AppData\Local\Temp\6680350f9c88e878bb85c778fdff4ca2db237f93cb714a797b38ed55ff81366f.exe
  C:\Users\Admin\AppData\Local\Temp\6680350f9c88e878bb85c778fdff4ca2db237f93cb714a797b38ed55ff81366f.exe
  2⤵
  PID:588
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 144
  2⤵
  - Program crash
  PID:592

memory/1224-54-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download
memory/1224-55-0x0000000000548000-0x0000000000559000-memory.dmp

Filesize
68KB

Download
memory/1224-56-0x0000000000548000-0x0000000000559000-memory.dmp

Filesize
68KB

Download
memory/1224-57-0x0000000000548000-0x0000000000559000-memory.dmp

Filesize
68KB

Download