948e39227ab4fd430df2a36aca90ffeb3f8a20c31cb9fffd7943de2b58317916

Analysis

max time kernel
10s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 20:58

Target

948e39227ab4fd430df2a36aca90ffeb3f8a20c31cb9fffd7943de2b58317916.exe
Size

264KB
MD5

496b29a009c11b63fb5bce8a82785650
SHA1

507facaaa3529938f1409e7ed987231c2f6027cb
SHA256

948e39227ab4fd430df2a36aca90ffeb3f8a20c31cb9fffd7943de2b58317916
SHA512

d07132f6dae6b9b4253db1b8d8384e9c7d3fe931967e03d6f9bdde001e38fe3b9347c0a87b1525960ccb5a58c7d29fac0ebe9c4c358aa54366173e2019a18ffb
SSDEEP

6144:2mlhQcd2FOQFxEBMvoN4BGUiEUOp04LSEFEiuVEHhmh:7lhQi2FnD2ZN4BG9fc6iHu

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
804	2004	WerFault.exe	20

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 804	2004	948e39227ab4fd430df2a36aca90ffeb3f8a20c31cb9fffd7943de2b58317916.exe	28
PID 2004 wrote to memory of 804	2004	948e39227ab4fd430df2a36aca90ffeb3f8a20c31cb9fffd7943de2b58317916.exe	28
PID 2004 wrote to memory of 804	2004	948e39227ab4fd430df2a36aca90ffeb3f8a20c31cb9fffd7943de2b58317916.exe	28
PID 2004 wrote to memory of 804	2004	948e39227ab4fd430df2a36aca90ffeb3f8a20c31cb9fffd7943de2b58317916.exe	28

C:\Users\Admin\AppData\Local\Temp\948e39227ab4fd430df2a36aca90ffeb3f8a20c31cb9fffd7943de2b58317916.exe
"C:\Users\Admin\AppData\Local\Temp\948e39227ab4fd430df2a36aca90ffeb3f8a20c31cb9fffd7943de2b58317916.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 180
  2⤵
  - Program crash
  PID:804

memory/2004-54-0x0000000075811000-0x0000000075813000-memory.dmp

Filesize
8KB

Download