921746cf8489711fa5789d29f35d5094c7fba9c6724332f2a2999e4b02344766

Analysis

max time kernel
3s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 21:08

Target

921746cf8489711fa5789d29f35d5094c7fba9c6724332f2a2999e4b02344766.exe
Size

25KB
MD5

db9f922b7999fa8ea609c4c260e724d0
SHA1

8457bf31475077f654d020ac1c7fce9a424a4bd4
SHA256

921746cf8489711fa5789d29f35d5094c7fba9c6724332f2a2999e4b02344766
SHA512

9aee84ae130dd78e01e311a19ffe583c75486dfdf28e067ca5081df584cc184f810d82ef496d2b1c5feb1ec0da98365a299e017ee94cd4ce51aa892aeb509cc9
SSDEEP

768:mddMm/3yuVR9ZEwhjlTpGf+iU3H8u+IheO17y5ra:mdS2L7pj2BGL+IheuCra

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1884	1452	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 1884	1452	921746cf8489711fa5789d29f35d5094c7fba9c6724332f2a2999e4b02344766.exe	28
PID 1452 wrote to memory of 1884	1452	921746cf8489711fa5789d29f35d5094c7fba9c6724332f2a2999e4b02344766.exe	28
PID 1452 wrote to memory of 1884	1452	921746cf8489711fa5789d29f35d5094c7fba9c6724332f2a2999e4b02344766.exe	28
PID 1452 wrote to memory of 1884	1452	921746cf8489711fa5789d29f35d5094c7fba9c6724332f2a2999e4b02344766.exe	28

C:\Users\Admin\AppData\Local\Temp\921746cf8489711fa5789d29f35d5094c7fba9c6724332f2a2999e4b02344766.exe
"C:\Users\Admin\AppData\Local\Temp\921746cf8489711fa5789d29f35d5094c7fba9c6724332f2a2999e4b02344766.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 44
  2⤵
  - Program crash
  PID:1884

memory/1452-54-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download