91baff378ad9713d5677334abaf717173b0faa603e061f9b2512932a7848044b

Analysis

max time kernel
233s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 08:50

Target

91baff378ad9713d5677334abaf717173b0faa603e061f9b2512932a7848044b.exe
Size

56KB
MD5

0ccd24fd7dc4dbc26a23eeeb23fe5bc0
SHA1

9ff542ff510da6765ae3eac9e6b033fe1f70d324
SHA256

91baff378ad9713d5677334abaf717173b0faa603e061f9b2512932a7848044b
SHA512

1d9ce9d6a08d3d2be493021ff451cc4cdb568460d68ec50939b76483187dafb58984f71f78baaf172c64a78dc0fc59da5b8d09ed0bdfa42ea7eac7e344b21cb8
SSDEEP

1536:le7TOaL8DZNZRRuUBB5Z0NQx2KLhTHpyfEBmZr2J6lw0Tecp:c7TOaL8DZNAUz5Z9xpLhd++mZj20TeO

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1868	540	WerFault.exe	20

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 1868	540	91baff378ad9713d5677334abaf717173b0faa603e061f9b2512932a7848044b.exe	28
PID 540 wrote to memory of 1868	540	91baff378ad9713d5677334abaf717173b0faa603e061f9b2512932a7848044b.exe	28
PID 540 wrote to memory of 1868	540	91baff378ad9713d5677334abaf717173b0faa603e061f9b2512932a7848044b.exe	28
PID 540 wrote to memory of 1868	540	91baff378ad9713d5677334abaf717173b0faa603e061f9b2512932a7848044b.exe	28

C:\Users\Admin\AppData\Local\Temp\91baff378ad9713d5677334abaf717173b0faa603e061f9b2512932a7848044b.exe
"C:\Users\Admin\AppData\Local\Temp\91baff378ad9713d5677334abaf717173b0faa603e061f9b2512932a7848044b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:540
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 36
  2⤵
  - Program crash
  PID:1868

memory/540-55-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1868-54-0x0000000000000000-mapping.dmp

Download