232d8f24dded5935713eedb90a84c560c44063d0f1e448a4edc78f5f12210c64

Analysis

max time kernel
38s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 18:54

Target

232d8f24dded5935713eedb90a84c560c44063d0f1e448a4edc78f5f12210c64.exe
Size

1019KB
MD5

6548ea7589b695413941c6bce244b0a7
SHA1

fd9e8ae9a68820ce0eee7d26dc4980f491a831b1
SHA256

232d8f24dded5935713eedb90a84c560c44063d0f1e448a4edc78f5f12210c64
SHA512

a4c8df3d19ac8f3cec6fd4b0b986fc4997f235eb96dd4c45ef2117ded4851dcabf38175c6e69f2b1fe412b1717d7322310bd8f51722f9cd875c2d151b67be0ab
SSDEEP

24576:pGPSXx9mn0fT5qcKAc0OYbHmnHxxMNcSwF1en/9sJap74bV/+:pGs9m0r0v0NinHxSRwLeWKIg

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1684	2028	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1684	2028	232d8f24dded5935713eedb90a84c560c44063d0f1e448a4edc78f5f12210c64.exe	27
PID 2028 wrote to memory of 1684	2028	232d8f24dded5935713eedb90a84c560c44063d0f1e448a4edc78f5f12210c64.exe	27
PID 2028 wrote to memory of 1684	2028	232d8f24dded5935713eedb90a84c560c44063d0f1e448a4edc78f5f12210c64.exe	27
PID 2028 wrote to memory of 1684	2028	232d8f24dded5935713eedb90a84c560c44063d0f1e448a4edc78f5f12210c64.exe	27

C:\Users\Admin\AppData\Local\Temp\232d8f24dded5935713eedb90a84c560c44063d0f1e448a4edc78f5f12210c64.exe
"C:\Users\Admin\AppData\Local\Temp\232d8f24dded5935713eedb90a84c560c44063d0f1e448a4edc78f5f12210c64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 148
  2⤵
  - Program crash
  PID:1684

memory/1684-55-0x0000000000000000-mapping.dmp

Download
memory/2028-54-0x0000000075561000-0x0000000075563000-memory.dmp

Filesize
8KB

Download