b9076bc55f035a5d9af361f7b42e497f02ce31bf2e7e983aefb74d37009382b8

Analysis

max time kernel
22s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 06:54

Target

b9076bc55f035a5d9af361f7b42e497f02ce31bf2e7e983aefb74d37009382b8.exe
Size

28KB
MD5

c2e6a32b916b2a17829b340d21b626b5
SHA1

395bc3835c8d676dc705e84ec2b31b090a1dffcd
SHA256

b9076bc55f035a5d9af361f7b42e497f02ce31bf2e7e983aefb74d37009382b8
SHA512

8e7e3bceeb1b98d8043acb4d283a8c8cbd3e59514f939d0ae6b63ddc035590e6fbc852d09f0f6d8f640c9de5f58b1764d2281816a460ad3490484eb1981f7342
SSDEEP

768:DoZ/N4Xu7w17dn4gqz8e5UFWmODgs5yJXCuCnJ7KYI+dQ5R1:DM4MQV4+p+gs5OSucJ7q+I1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1988	1692	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 1988	1692	b9076bc55f035a5d9af361f7b42e497f02ce31bf2e7e983aefb74d37009382b8.exe	28
PID 1692 wrote to memory of 1988	1692	b9076bc55f035a5d9af361f7b42e497f02ce31bf2e7e983aefb74d37009382b8.exe	28
PID 1692 wrote to memory of 1988	1692	b9076bc55f035a5d9af361f7b42e497f02ce31bf2e7e983aefb74d37009382b8.exe	28
PID 1692 wrote to memory of 1988	1692	b9076bc55f035a5d9af361f7b42e497f02ce31bf2e7e983aefb74d37009382b8.exe	28

C:\Users\Admin\AppData\Local\Temp\b9076bc55f035a5d9af361f7b42e497f02ce31bf2e7e983aefb74d37009382b8.exe
"C:\Users\Admin\AppData\Local\Temp\b9076bc55f035a5d9af361f7b42e497f02ce31bf2e7e983aefb74d37009382b8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 116
  2⤵
  - Program crash
  PID:1988

memory/1692-54-0x0000000076651000-0x0000000076653000-memory.dmp

Filesize
8KB

Download
memory/1692-56-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1692-57-0x0000000000220000-0x0000000000225000-memory.dmp

Filesize
20KB

Download