824e06056104251c6e7db0a9baa327d4ed3a7a3653b974851d470af33b796e53

Analysis

max time kernel
234s
max time network
333s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 12:29

Target

824e06056104251c6e7db0a9baa327d4ed3a7a3653b974851d470af33b796e53.exe
Size

607KB
MD5

9e4e0f9c1b1628d3f76db5dfbab1bced
SHA1

6461971a8795be8a46d01edac8b4cc5ba120d5b1
SHA256

824e06056104251c6e7db0a9baa327d4ed3a7a3653b974851d470af33b796e53
SHA512

b3570cdf80cbdd6e7be26b9670dd9283abc78c8ea0054d83afcf4e13f628f37485596216a5800c50a4210c764fd48649fbc67b4df5789b0dd0f9ddada2b86e02
SSDEEP

12288:Jqw1I56CaT9yPJSYLRKWkAaup/1Znqrdrr6Janpg4ZW8yVQPgy:BvbQqQvzYn1ZhUi

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1692	332	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 332 wrote to memory of 1692	332	824e06056104251c6e7db0a9baa327d4ed3a7a3653b974851d470af33b796e53.exe	29
PID 332 wrote to memory of 1692	332	824e06056104251c6e7db0a9baa327d4ed3a7a3653b974851d470af33b796e53.exe	29
PID 332 wrote to memory of 1692	332	824e06056104251c6e7db0a9baa327d4ed3a7a3653b974851d470af33b796e53.exe	29
PID 332 wrote to memory of 1692	332	824e06056104251c6e7db0a9baa327d4ed3a7a3653b974851d470af33b796e53.exe	29

C:\Users\Admin\AppData\Local\Temp\824e06056104251c6e7db0a9baa327d4ed3a7a3653b974851d470af33b796e53.exe
"C:\Users\Admin\AppData\Local\Temp\824e06056104251c6e7db0a9baa327d4ed3a7a3653b974851d470af33b796e53.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:332
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 132
  2⤵
  - Program crash
  PID:1692

memory/332-54-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/332-55-0x00000000757E1000-0x00000000757E3000-memory.dmp

Filesize
8KB

Download
memory/332-57-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download