eb90c21362ddb172fc2e5afff6e31a14c73d66b843181cfbe08072aa26af5674

Analysis

max time kernel
39s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 06:30

Target

eb90c21362ddb172fc2e5afff6e31a14c73d66b843181cfbe08072aa26af5674.exe
Size

38KB
MD5

e4bc459983054b3f74220eb23f270026
SHA1

70871d70ad5eb24d4915679b200e7b1c9c682337
SHA256

eb90c21362ddb172fc2e5afff6e31a14c73d66b843181cfbe08072aa26af5674
SHA512

7cbb2842d553ffdf2100e20f0de9507d268b149221bfee80610c7fff2e410dc9b5b902ae83e14a30e49519112e68be4fad4df9026959180ae5355572ceeb1d69
SSDEEP

768:ezHX5UT9a9BxC5N8NQip75bR4IMsG5lmy:eLGTEzI5CQm75dKsGl

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1732	1412	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 1732	1412	eb90c21362ddb172fc2e5afff6e31a14c73d66b843181cfbe08072aa26af5674.exe	27
PID 1412 wrote to memory of 1732	1412	eb90c21362ddb172fc2e5afff6e31a14c73d66b843181cfbe08072aa26af5674.exe	27
PID 1412 wrote to memory of 1732	1412	eb90c21362ddb172fc2e5afff6e31a14c73d66b843181cfbe08072aa26af5674.exe	27
PID 1412 wrote to memory of 1732	1412	eb90c21362ddb172fc2e5afff6e31a14c73d66b843181cfbe08072aa26af5674.exe	27

C:\Users\Admin\AppData\Local\Temp\eb90c21362ddb172fc2e5afff6e31a14c73d66b843181cfbe08072aa26af5674.exe
"C:\Users\Admin\AppData\Local\Temp\eb90c21362ddb172fc2e5afff6e31a14c73d66b843181cfbe08072aa26af5674.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 116
  2⤵
  - Program crash
  PID:1732

memory/1412-54-0x0000000075771000-0x0000000075773000-memory.dmp

Filesize
8KB

Download
memory/1412-56-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download