a922c3cc0b551f07ede7422085af26e4c697cd2fe49507fc18dc7b5a64f68ec9

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 15:48

Target

a922c3cc0b551f07ede7422085af26e4c697cd2fe49507fc18dc7b5a64f68ec9.exe
Size

184KB
MD5

d97d51cb6a056c4e7853e7fd34f6cefc
SHA1

30bdf887f318e453141fc6159008bf1acfeddd36
SHA256

a922c3cc0b551f07ede7422085af26e4c697cd2fe49507fc18dc7b5a64f68ec9
SHA512

e13d91ea975f2db80f0048eb942c72cb1fcf68f44b1ce7a68c64e2bcc8c9e837001bcd15fcd60599832879a26a7f4c072e991d188713ae8dadbbbc20b78026f9
SSDEEP

3072:q7Aft9jmyl76T6oEC0wnw9qiJYgqaoX4+6sPekI9FtBYoLAlqNUw9t4c:QAmyesqiJYnaC4yP4rzUwsc

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
872	1440	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1440 wrote to memory of 872	1440	a922c3cc0b551f07ede7422085af26e4c697cd2fe49507fc18dc7b5a64f68ec9.exe	28
PID 1440 wrote to memory of 872	1440	a922c3cc0b551f07ede7422085af26e4c697cd2fe49507fc18dc7b5a64f68ec9.exe	28
PID 1440 wrote to memory of 872	1440	a922c3cc0b551f07ede7422085af26e4c697cd2fe49507fc18dc7b5a64f68ec9.exe	28
PID 1440 wrote to memory of 872	1440	a922c3cc0b551f07ede7422085af26e4c697cd2fe49507fc18dc7b5a64f68ec9.exe	28

C:\Users\Admin\AppData\Local\Temp\a922c3cc0b551f07ede7422085af26e4c697cd2fe49507fc18dc7b5a64f68ec9.exe
"C:\Users\Admin\AppData\Local\Temp\a922c3cc0b551f07ede7422085af26e4c697cd2fe49507fc18dc7b5a64f68ec9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 36
  2⤵
  - Program crash
  PID:872

memory/872-54-0x0000000000000000-mapping.dmp

Download
memory/1440-55-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download