be31b0e83d1ea35e88c83ab20d3eb0ca1027fdfdb99725d908fff2265886ac25

Analysis

max time kernel
72s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 09:46

Target

be31b0e83d1ea35e88c83ab20d3eb0ca1027fdfdb99725d908fff2265886ac25.exe
Size

76KB
MD5

6ba7235f9e3b06ba43e1d99e699be4ee
SHA1

66025c43cacf61c33cabab625bebc7c8baeb8887
SHA256

be31b0e83d1ea35e88c83ab20d3eb0ca1027fdfdb99725d908fff2265886ac25
SHA512

6a0a633df7cfe66bbb10d3f989c8c59ef637a925c6fd35f7375e7d69c6fd14500e35d842d6af2ccca040d0b9d7d1cdcff6ac7ac766f48f8edc5e1201c3754628
SSDEEP

1536:z4eIEjjr75hFpWUD81eD8ZSb02gfjdC/LtL4qbGusU/edhZKz/U85:kIjjr73WC3am02gRmLZ4qH5ekT5

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
268	432	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 432 wrote to memory of 268	432	be31b0e83d1ea35e88c83ab20d3eb0ca1027fdfdb99725d908fff2265886ac25.exe	28
PID 432 wrote to memory of 268	432	be31b0e83d1ea35e88c83ab20d3eb0ca1027fdfdb99725d908fff2265886ac25.exe	28
PID 432 wrote to memory of 268	432	be31b0e83d1ea35e88c83ab20d3eb0ca1027fdfdb99725d908fff2265886ac25.exe	28
PID 432 wrote to memory of 268	432	be31b0e83d1ea35e88c83ab20d3eb0ca1027fdfdb99725d908fff2265886ac25.exe	28

C:\Users\Admin\AppData\Local\Temp\be31b0e83d1ea35e88c83ab20d3eb0ca1027fdfdb99725d908fff2265886ac25.exe
"C:\Users\Admin\AppData\Local\Temp\be31b0e83d1ea35e88c83ab20d3eb0ca1027fdfdb99725d908fff2265886ac25.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:432
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 36
  2⤵
  - Program crash
  PID:268

memory/432-55-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download