90c224b52135e7f203ab0a371e2f88e0137f194a592b73bb645a23066231ce9d

Analysis

max time kernel
6s
max time network
36s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 01:31

Target

90c224b52135e7f203ab0a371e2f88e0137f194a592b73bb645a23066231ce9d.exe
Size

62KB
MD5

833e8a7730f5ea8fe9752d0d86a67bbe
SHA1

c59f8648246ae74f1b24df6bc190c602038017d0
SHA256

90c224b52135e7f203ab0a371e2f88e0137f194a592b73bb645a23066231ce9d
SHA512

8cb095d90bc13b9b5d6d08321f8b8a15c5286cae09b18b99add6df0149a44edcb0e6ee1b929119640316bfa8c961c4ac4a2aeca4bfb1c6c58a2a37bf8af112db
SSDEEP

1536:r3lTthdK38x0gyBkKmQYJvDNNVrURPoWDDCzAS:JZCgyBkKmQiv5fURPoqDC8S

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1372	1368	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 1372	1368	90c224b52135e7f203ab0a371e2f88e0137f194a592b73bb645a23066231ce9d.exe	28
PID 1368 wrote to memory of 1372	1368	90c224b52135e7f203ab0a371e2f88e0137f194a592b73bb645a23066231ce9d.exe	28
PID 1368 wrote to memory of 1372	1368	90c224b52135e7f203ab0a371e2f88e0137f194a592b73bb645a23066231ce9d.exe	28
PID 1368 wrote to memory of 1372	1368	90c224b52135e7f203ab0a371e2f88e0137f194a592b73bb645a23066231ce9d.exe	28

C:\Users\Admin\AppData\Local\Temp\90c224b52135e7f203ab0a371e2f88e0137f194a592b73bb645a23066231ce9d.exe
"C:\Users\Admin\AppData\Local\Temp\90c224b52135e7f203ab0a371e2f88e0137f194a592b73bb645a23066231ce9d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 36
  2⤵
  - Program crash
  PID:1372

memory/1368-55-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download