c84fce423aedb9ed07ecf0882657d21f8672e435ddb1836042d454b337fbb850

Analysis

max time kernel
35s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 13:20

Target

c84fce423aedb9ed07ecf0882657d21f8672e435ddb1836042d454b337fbb850.exe
Size

115KB
MD5

cfb9678d90d35a2e1cf8b2c49698553f
SHA1

2e607c8a5d5658ee230005fc3cae726bdeadb6b1
SHA256

c84fce423aedb9ed07ecf0882657d21f8672e435ddb1836042d454b337fbb850
SHA512

ba7039def8706e259f24f2585ac738f1cd207fa826fc9e04a68f7b5bd6aa66bd73afd8560661c89ed44acabfe68875ea7a324215a2657c35058ed3a75e5b102a
SSDEEP

1536:W++fq6M5b9NqTxV67wAInyAeG+90MHJaOsp1gMcEELZ2G6QNgRtOOOOOOOOEQ6:W++VMoTxyi9e7O1cXLogWRq

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
680	992	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 992 wrote to memory of 680	992	c84fce423aedb9ed07ecf0882657d21f8672e435ddb1836042d454b337fbb850.exe	28
PID 992 wrote to memory of 680	992	c84fce423aedb9ed07ecf0882657d21f8672e435ddb1836042d454b337fbb850.exe	28
PID 992 wrote to memory of 680	992	c84fce423aedb9ed07ecf0882657d21f8672e435ddb1836042d454b337fbb850.exe	28
PID 992 wrote to memory of 680	992	c84fce423aedb9ed07ecf0882657d21f8672e435ddb1836042d454b337fbb850.exe	28

C:\Users\Admin\AppData\Local\Temp\c84fce423aedb9ed07ecf0882657d21f8672e435ddb1836042d454b337fbb850.exe
"C:\Users\Admin\AppData\Local\Temp\c84fce423aedb9ed07ecf0882657d21f8672e435ddb1836042d454b337fbb850.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:992
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 52
  2⤵
  - Program crash
  PID:680

memory/680-54-0x0000000000000000-mapping.dmp

Download
memory/992-55-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download