ffd999c33a12042be01ae2626dcf272537820c93c42e519285abd17981833979

Analysis

max time kernel
3s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 15:44

Target

ffd999c33a12042be01ae2626dcf272537820c93c42e519285abd17981833979.exe
Size

72KB
MD5

d3841b0a658b70194f73b0ba105f792f
SHA1

b3da74cc0190df5e6f19ac21fe662b3dcbd8eed3
SHA256

ffd999c33a12042be01ae2626dcf272537820c93c42e519285abd17981833979
SHA512

3a29cf73fb068c33052d93762ac307432a52767998c730107fbe883134f9c4b008dc1fb5db821a6749e72bb20056ef8fb9045516957755aca2a3edfa8d8a599d
SSDEEP

1536:ZUFQfEcm/El8Vq1wLf/fyud+Li3f1zwQVgvmA:Zkp8aqMnfymIiv1zwLvmA

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1972	1788	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 1972	1788	ffd999c33a12042be01ae2626dcf272537820c93c42e519285abd17981833979.exe	28
PID 1788 wrote to memory of 1972	1788	ffd999c33a12042be01ae2626dcf272537820c93c42e519285abd17981833979.exe	28
PID 1788 wrote to memory of 1972	1788	ffd999c33a12042be01ae2626dcf272537820c93c42e519285abd17981833979.exe	28
PID 1788 wrote to memory of 1972	1788	ffd999c33a12042be01ae2626dcf272537820c93c42e519285abd17981833979.exe	28

C:\Users\Admin\AppData\Local\Temp\ffd999c33a12042be01ae2626dcf272537820c93c42e519285abd17981833979.exe
"C:\Users\Admin\AppData\Local\Temp\ffd999c33a12042be01ae2626dcf272537820c93c42e519285abd17981833979.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 36
  2⤵
  - Program crash
  PID:1972

memory/1788-54-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download