d104564623a0578d44b7193833078f8186048d44d9e1babbd119994f46a63829

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 04:52

Target

d104564623a0578d44b7193833078f8186048d44d9e1babbd119994f46a63829.exe
Size

89KB
MD5

f0b3d28c2af04ed402c097fd83a4da00
SHA1

4a888361fc4db9d30729a9c451addf4dbc82a392
SHA256

d104564623a0578d44b7193833078f8186048d44d9e1babbd119994f46a63829
SHA512

166f1b6f4f0af6a5d04607a60e5769527a5211b0652fff9592121b09b6c91f8233aad48ab526eec468b82fc41b7667060016d3eb07575071150dc5e34a6a76dd
SSDEEP

1536:A8I606hO+RKs3rVxohudPI63ZfD+kl2qSnNhXe+DfOaESThIhgC:A8I16hT7VxohuJfhiP9fOPT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1344	1204	WerFault.exe	23

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 1344	1204	d104564623a0578d44b7193833078f8186048d44d9e1babbd119994f46a63829.exe	27
PID 1204 wrote to memory of 1344	1204	d104564623a0578d44b7193833078f8186048d44d9e1babbd119994f46a63829.exe	27
PID 1204 wrote to memory of 1344	1204	d104564623a0578d44b7193833078f8186048d44d9e1babbd119994f46a63829.exe	27
PID 1204 wrote to memory of 1344	1204	d104564623a0578d44b7193833078f8186048d44d9e1babbd119994f46a63829.exe	27

C:\Users\Admin\AppData\Local\Temp\d104564623a0578d44b7193833078f8186048d44d9e1babbd119994f46a63829.exe
"C:\Users\Admin\AppData\Local\Temp\d104564623a0578d44b7193833078f8186048d44d9e1babbd119994f46a63829.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 152
  2⤵
  - Program crash
  PID:1344

memory/1204-55-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download