ba6a893429af3745e823be5aa39a1be0bf1c753b067edef51e7fd0e9ee1f2aff

Analysis

max time kernel
56s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 02:43

Target

ba6a893429af3745e823be5aa39a1be0bf1c753b067edef51e7fd0e9ee1f2aff.exe
Size

39KB
MD5

a74af4de9996df9bfeabece623e5b495
SHA1

2262fbde40ddc9d147b036eba4900a0ad84abc95
SHA256

ba6a893429af3745e823be5aa39a1be0bf1c753b067edef51e7fd0e9ee1f2aff
SHA512

ab1a370c93473a356c0914f86b8de13f949621177cbaf97b79cb6e70925066bf106b693c85be79fc851be3c895d6cbc99b2b68ccab421acb4a34906b385d5e4f
SSDEEP

768:M29rQtaEM9MEBuYQ44grlLsKlIzvypDkmOVcwtvWYfBABAH3LElKfsE/9ciE:JcQEkME7T5oMOVcwpWY5XLEMfsE/9ciE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
672	528	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 528 wrote to memory of 672	528	ba6a893429af3745e823be5aa39a1be0bf1c753b067edef51e7fd0e9ee1f2aff.exe	27
PID 528 wrote to memory of 672	528	ba6a893429af3745e823be5aa39a1be0bf1c753b067edef51e7fd0e9ee1f2aff.exe	27
PID 528 wrote to memory of 672	528	ba6a893429af3745e823be5aa39a1be0bf1c753b067edef51e7fd0e9ee1f2aff.exe	27
PID 528 wrote to memory of 672	528	ba6a893429af3745e823be5aa39a1be0bf1c753b067edef51e7fd0e9ee1f2aff.exe	27

C:\Users\Admin\AppData\Local\Temp\ba6a893429af3745e823be5aa39a1be0bf1c753b067edef51e7fd0e9ee1f2aff.exe
"C:\Users\Admin\AppData\Local\Temp\ba6a893429af3745e823be5aa39a1be0bf1c753b067edef51e7fd0e9ee1f2aff.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:528
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 124
  2⤵
  - Program crash
  PID:672

memory/528-54-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download