86d13ec728f8374ef9de0483ff43b5c9f12271d2349d60dc367b19e338d05c10

Analysis

max time kernel
38s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 14:04

Target

86d13ec728f8374ef9de0483ff43b5c9f12271d2349d60dc367b19e338d05c10.exe
Size

89KB
MD5

ec578027b4039737cf57ea8c4855dddb
SHA1

6572b17196afb566f0c5ca35baefa84d666e3e69
SHA256

86d13ec728f8374ef9de0483ff43b5c9f12271d2349d60dc367b19e338d05c10
SHA512

08598a263900c22ca002870d45223e6a096ee0fac3176a7a1467ece23bad05030035e4fbb0fe7188fcf1da179b82c0447173fc451e6a3d07cdef7bcc32901d86
SSDEEP

1536:dC6cIJDCV9qcOb6I630Cef5+EDC9q4E9Wq6U0mURXjuc9Fr8gvsfvh9LoKWlu+W:d5cwC2A/30LfwEDC9zE83ljd14Mhlu

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1460	1504	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 1460	1504	86d13ec728f8374ef9de0483ff43b5c9f12271d2349d60dc367b19e338d05c10.exe	26
PID 1504 wrote to memory of 1460	1504	86d13ec728f8374ef9de0483ff43b5c9f12271d2349d60dc367b19e338d05c10.exe	26
PID 1504 wrote to memory of 1460	1504	86d13ec728f8374ef9de0483ff43b5c9f12271d2349d60dc367b19e338d05c10.exe	26
PID 1504 wrote to memory of 1460	1504	86d13ec728f8374ef9de0483ff43b5c9f12271d2349d60dc367b19e338d05c10.exe	26

C:\Users\Admin\AppData\Local\Temp\86d13ec728f8374ef9de0483ff43b5c9f12271d2349d60dc367b19e338d05c10.exe
"C:\Users\Admin\AppData\Local\Temp\86d13ec728f8374ef9de0483ff43b5c9f12271d2349d60dc367b19e338d05c10.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 44
  2⤵
  - Program crash
  PID:1460

memory/1504-54-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download