d4ef66395e7883077677d15c788861c75217f022b137e671a3600e02d58d1cad

Analysis

max time kernel
32s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 14:16

Target

d4ef66395e7883077677d15c788861c75217f022b137e671a3600e02d58d1cad.exe
Size

150KB
MD5

a2212b12ee8173caecf393fa3b77ab0e
SHA1

781cd40b978edd0bc2c2e4c9aae7787238584420
SHA256

d4ef66395e7883077677d15c788861c75217f022b137e671a3600e02d58d1cad
SHA512

6fb051a3ef2f7485eeddc196deeda892fe771ac55d3f3e642b81ed8d3dfb675253cd25b302213e4bb8266889c229034a7458ffcc8ffa0b338264a903de14eb5e
SSDEEP

3072:eVmFtmbeFwFvsl12Cnj9+E3y+9WrWJhss19dSQwrTo:gwmkwFvdCygzPHO

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
908	1832	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 908	1832	d4ef66395e7883077677d15c788861c75217f022b137e671a3600e02d58d1cad.exe	28
PID 1832 wrote to memory of 908	1832	d4ef66395e7883077677d15c788861c75217f022b137e671a3600e02d58d1cad.exe	28
PID 1832 wrote to memory of 908	1832	d4ef66395e7883077677d15c788861c75217f022b137e671a3600e02d58d1cad.exe	28
PID 1832 wrote to memory of 908	1832	d4ef66395e7883077677d15c788861c75217f022b137e671a3600e02d58d1cad.exe	28

C:\Users\Admin\AppData\Local\Temp\d4ef66395e7883077677d15c788861c75217f022b137e671a3600e02d58d1cad.exe
"C:\Users\Admin\AppData\Local\Temp\d4ef66395e7883077677d15c788861c75217f022b137e671a3600e02d58d1cad.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 48
  2⤵
  - Program crash
  PID:908

memory/908-54-0x0000000000000000-mapping.dmp

Download
memory/1832-55-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download