94cc7bb0a4a96b5fa163a1a7eaddf93c7fe620e19230fe614dfb548061a44686

Analysis

max time kernel
24s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 20:57

Target

94cc7bb0a4a96b5fa163a1a7eaddf93c7fe620e19230fe614dfb548061a44686.exe
Size

151KB
MD5

d49bf95e141ec51bad487f57944e7ea5
SHA1

fdfc9bf7e212bd4477d6223219b6def23d69af1b
SHA256

94cc7bb0a4a96b5fa163a1a7eaddf93c7fe620e19230fe614dfb548061a44686
SHA512

099fe7a7b4156fbd24e5b1b116d17cad9199fa2e66e990f3356771d645c8ae6b71fc757659eb366c8ddc6cf8794bb3925889733c3b4f6e47494586657ad09cac
SSDEEP

3072:5kVDDBSqao9c3HwsanTdgyOxsP+f+sSheJPP:ISqjc3HsTaxoq7Sh0X

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1968	1980	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 1968	1980	94cc7bb0a4a96b5fa163a1a7eaddf93c7fe620e19230fe614dfb548061a44686.exe	28
PID 1980 wrote to memory of 1968	1980	94cc7bb0a4a96b5fa163a1a7eaddf93c7fe620e19230fe614dfb548061a44686.exe	28
PID 1980 wrote to memory of 1968	1980	94cc7bb0a4a96b5fa163a1a7eaddf93c7fe620e19230fe614dfb548061a44686.exe	28
PID 1980 wrote to memory of 1968	1980	94cc7bb0a4a96b5fa163a1a7eaddf93c7fe620e19230fe614dfb548061a44686.exe	28

C:\Users\Admin\AppData\Local\Temp\94cc7bb0a4a96b5fa163a1a7eaddf93c7fe620e19230fe614dfb548061a44686.exe
"C:\Users\Admin\AppData\Local\Temp\94cc7bb0a4a96b5fa163a1a7eaddf93c7fe620e19230fe614dfb548061a44686.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 92
  2⤵
  - Program crash
  PID:1968

memory/1980-55-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download