e1dd69d90809976545268256f587c6547e57c306c71daed503d8ce3b8877abb0

Analysis

max time kernel
21s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 21:23

Target

e1dd69d90809976545268256f587c6547e57c306c71daed503d8ce3b8877abb0.exe
Size

97KB
MD5

732b3cf0c35e83abf151bac395142a29
SHA1

6c239b562af1dcdbacee9bca3d6b89c4ba39ac98
SHA256

e1dd69d90809976545268256f587c6547e57c306c71daed503d8ce3b8877abb0
SHA512

deafcafcdc3af39755f09c9e4e6ed19a8d61a9b5ecdb714e0e433a5d9c994c001926201c5643a79ba9514ebf57420e93236c5f0f1ab994da2d108c9b55a915e3
SSDEEP

1536:34qhZXalsHtdwl0lo+4EMMyO3OexOSEowTw9SMnxzvRgJoxDWqfqNII2Ca2B:ZhZTHt6+lI/HUOjSiTDMx7JEqfqg2B

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1580	1672	WerFault.exe	20

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1580	1672	e1dd69d90809976545268256f587c6547e57c306c71daed503d8ce3b8877abb0.exe	27
PID 1672 wrote to memory of 1580	1672	e1dd69d90809976545268256f587c6547e57c306c71daed503d8ce3b8877abb0.exe	27
PID 1672 wrote to memory of 1580	1672	e1dd69d90809976545268256f587c6547e57c306c71daed503d8ce3b8877abb0.exe	27
PID 1672 wrote to memory of 1580	1672	e1dd69d90809976545268256f587c6547e57c306c71daed503d8ce3b8877abb0.exe	27

C:\Users\Admin\AppData\Local\Temp\e1dd69d90809976545268256f587c6547e57c306c71daed503d8ce3b8877abb0.exe
"C:\Users\Admin\AppData\Local\Temp\e1dd69d90809976545268256f587c6547e57c306c71daed503d8ce3b8877abb0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 168
  2⤵
  - Program crash
  PID:1580

memory/1672-54-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

Filesize
8KB

Download