64f74d261fb9ee4a49161a99a882954b8e077d18ddd576c950c3e06cca39e6b7

Analysis

max time kernel
38s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 08:10

Target

64f74d261fb9ee4a49161a99a882954b8e077d18ddd576c950c3e06cca39e6b7.exe
Size

32KB
MD5

6d52b1e363e4e2f7d413caf641ff031f
SHA1

af498c21dd955578d562c41eadabd646ee0a533c
SHA256

64f74d261fb9ee4a49161a99a882954b8e077d18ddd576c950c3e06cca39e6b7
SHA512

4149ec2875e8f1019814ba1cb313371854574dfa0159dc3813c81a25ed45c8b72ed53362295f00b2b02880a42f7bc0496fd32a74c526bac607c460be36fd2c49
SSDEEP

384:5XuN/Izf/MZPE8GoZdfyjSlAW0ZktDRav1mgMSJn:puN/kHMZPFGoZdqjSlF7ZwggTn

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
288	1056	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 288	1056	64f74d261fb9ee4a49161a99a882954b8e077d18ddd576c950c3e06cca39e6b7.exe	28
PID 1056 wrote to memory of 288	1056	64f74d261fb9ee4a49161a99a882954b8e077d18ddd576c950c3e06cca39e6b7.exe	28
PID 1056 wrote to memory of 288	1056	64f74d261fb9ee4a49161a99a882954b8e077d18ddd576c950c3e06cca39e6b7.exe	28
PID 1056 wrote to memory of 288	1056	64f74d261fb9ee4a49161a99a882954b8e077d18ddd576c950c3e06cca39e6b7.exe	28

C:\Users\Admin\AppData\Local\Temp\64f74d261fb9ee4a49161a99a882954b8e077d18ddd576c950c3e06cca39e6b7.exe
"C:\Users\Admin\AppData\Local\Temp\64f74d261fb9ee4a49161a99a882954b8e077d18ddd576c950c3e06cca39e6b7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 88
  2⤵
  - Program crash
  PID:288

memory/1056-54-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download