fd7b1a2456403992572de676e2076c9eeef90c05a96703e34118d97e48d9eb0a

Analysis

max time kernel
36s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 02:06

Target

fd7b1a2456403992572de676e2076c9eeef90c05a96703e34118d97e48d9eb0a.exe
Size

24KB
MD5

b6380365ce8363a1a1096c5a0554b97b
SHA1

099ffc8e75061cf3d2c5febec1f43fce9ef03c50
SHA256

fd7b1a2456403992572de676e2076c9eeef90c05a96703e34118d97e48d9eb0a
SHA512

cc28a431ebe693cb45554a388d3c82b0baef4337d0edfb4db03a2e43d660c9063836f607722eab7e5e50122775eb0f91b2968cdcade844da41d5790f0f29cdbe
SSDEEP

6:iz3SsEu9/YM8X2eApx3SP1BORIBvuJKQmQ:wT9/YM8XW/yORIBvuJ5

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1956	1476	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 1956	1476	fd7b1a2456403992572de676e2076c9eeef90c05a96703e34118d97e48d9eb0a.exe	27
PID 1476 wrote to memory of 1956	1476	fd7b1a2456403992572de676e2076c9eeef90c05a96703e34118d97e48d9eb0a.exe	27
PID 1476 wrote to memory of 1956	1476	fd7b1a2456403992572de676e2076c9eeef90c05a96703e34118d97e48d9eb0a.exe	27
PID 1476 wrote to memory of 1956	1476	fd7b1a2456403992572de676e2076c9eeef90c05a96703e34118d97e48d9eb0a.exe	27

C:\Users\Admin\AppData\Local\Temp\fd7b1a2456403992572de676e2076c9eeef90c05a96703e34118d97e48d9eb0a.exe
"C:\Users\Admin\AppData\Local\Temp\fd7b1a2456403992572de676e2076c9eeef90c05a96703e34118d97e48d9eb0a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 88
  2⤵
  - Program crash
  PID:1956

memory/1476-54-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1956-55-0x0000000000000000-mapping.dmp

Download