c539a6bf5f69dc7a9d76dbf67c08f74ddcd48bc0631132b5edf1734bad1f3a84

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 13:34

Target

c539a6bf5f69dc7a9d76dbf67c08f74ddcd48bc0631132b5edf1734bad1f3a84.exe
Size

164KB
MD5

333d29d557dafd4f9453f20f555b2b3b
SHA1

8d0759448f9ed7ba5a0e1abdcc0a3c75f4f40fd3
SHA256

c539a6bf5f69dc7a9d76dbf67c08f74ddcd48bc0631132b5edf1734bad1f3a84
SHA512

583d71c4d98ec0f4ed8eef2d7f1b724a6a8fcce9cd875c2c85d5c91aa011377b4dd0cdb2c6aee8825eaa9b97dfd5589573d2f8eb8d8af6244a2f7d22a32a0bf9
SSDEEP

3072:p49xGRIHOlD+vRAw0R5mb5u5c+uuvRzsX+gukXM:yxGRIupE0eb5a9uuZ2zc

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1620	364	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 364 wrote to memory of 1620	364	c539a6bf5f69dc7a9d76dbf67c08f74ddcd48bc0631132b5edf1734bad1f3a84.exe	26
PID 364 wrote to memory of 1620	364	c539a6bf5f69dc7a9d76dbf67c08f74ddcd48bc0631132b5edf1734bad1f3a84.exe	26
PID 364 wrote to memory of 1620	364	c539a6bf5f69dc7a9d76dbf67c08f74ddcd48bc0631132b5edf1734bad1f3a84.exe	26
PID 364 wrote to memory of 1620	364	c539a6bf5f69dc7a9d76dbf67c08f74ddcd48bc0631132b5edf1734bad1f3a84.exe	26

C:\Users\Admin\AppData\Local\Temp\c539a6bf5f69dc7a9d76dbf67c08f74ddcd48bc0631132b5edf1734bad1f3a84.exe
"C:\Users\Admin\AppData\Local\Temp\c539a6bf5f69dc7a9d76dbf67c08f74ddcd48bc0631132b5edf1734bad1f3a84.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 92
  2⤵
  - Program crash
  PID:1620

memory/364-55-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download