baaca04c716b5f52db5f622e05fdfd0152f18b296f95aee0138dd8eeabf37272

Analysis

max time kernel
33s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 04:06

Target

baaca04c716b5f52db5f622e05fdfd0152f18b296f95aee0138dd8eeabf37272.exe
Size

15KB
MD5

1e80c4084681f84a5ff0bd82720459f3
SHA1

5edf104c1d3b5f0155aa6ad767d53f6423485bf8
SHA256

baaca04c716b5f52db5f622e05fdfd0152f18b296f95aee0138dd8eeabf37272
SHA512

40b38df1326fec4432f8e8acbfb04af8ff19c7944610dd9fd6601f767cd922bf83b753ac6a93cef559661ab0f24b1e2d6d8848cd0536f88fa7007386b06d5a55
SSDEEP

192:NASy+LPYnngGsLHCcKjUUWA60/fwdSlvYJCzPhwfgaave8SiN6JAgT//:NASy+LgLsLHC6UZ/odSVKGh3HSzJAM/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
804	2004	WerFault.exe	17

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 804	2004	baaca04c716b5f52db5f622e05fdfd0152f18b296f95aee0138dd8eeabf37272.exe	28
PID 2004 wrote to memory of 804	2004	baaca04c716b5f52db5f622e05fdfd0152f18b296f95aee0138dd8eeabf37272.exe	28
PID 2004 wrote to memory of 804	2004	baaca04c716b5f52db5f622e05fdfd0152f18b296f95aee0138dd8eeabf37272.exe	28
PID 2004 wrote to memory of 804	2004	baaca04c716b5f52db5f622e05fdfd0152f18b296f95aee0138dd8eeabf37272.exe	28

C:\Users\Admin\AppData\Local\Temp\baaca04c716b5f52db5f622e05fdfd0152f18b296f95aee0138dd8eeabf37272.exe
"C:\Users\Admin\AppData\Local\Temp\baaca04c716b5f52db5f622e05fdfd0152f18b296f95aee0138dd8eeabf37272.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 152
  2⤵
  - Program crash
  PID:804

memory/2004-54-0x0000000075811000-0x0000000075813000-memory.dmp

Filesize
8KB

Download
memory/2004-56-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download