c33063dfb3bf404b3dc0ddc8ecc646359eaf21d1af8948253b2427094b310cb6

Analysis

max time kernel
10s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 05:27

Target

c33063dfb3bf404b3dc0ddc8ecc646359eaf21d1af8948253b2427094b310cb6.exe
Size

7KB
MD5

93b4aa6bc72e12aeb0b499829cf479db
SHA1

1c91f77b87cea2fc79e2224cc3724be1ab3a54fe
SHA256

c33063dfb3bf404b3dc0ddc8ecc646359eaf21d1af8948253b2427094b310cb6
SHA512

254c754e8edb1e0441a8b69e0cf9321ebdcb74918b3fe4357af65e9332924c18c3197e182194cbd932b2fa224f38befd8f3015eec3d96f96f5956e8c2d3cf199
SSDEEP

96:YxRggA+I9R4SVMbgr4hBDdGp57sxlWGq2F6h87BnPr/s3qNbzt8Gg:4U+eRvr4eoxlWGj6hePzs

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2040	1736	WerFault.exe	6

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2040	1736	c33063dfb3bf404b3dc0ddc8ecc646359eaf21d1af8948253b2427094b310cb6.exe	28
PID 1736 wrote to memory of 2040	1736	c33063dfb3bf404b3dc0ddc8ecc646359eaf21d1af8948253b2427094b310cb6.exe	28
PID 1736 wrote to memory of 2040	1736	c33063dfb3bf404b3dc0ddc8ecc646359eaf21d1af8948253b2427094b310cb6.exe	28
PID 1736 wrote to memory of 2040	1736	c33063dfb3bf404b3dc0ddc8ecc646359eaf21d1af8948253b2427094b310cb6.exe	28

C:\Users\Admin\AppData\Local\Temp\c33063dfb3bf404b3dc0ddc8ecc646359eaf21d1af8948253b2427094b310cb6.exe
"C:\Users\Admin\AppData\Local\Temp\c33063dfb3bf404b3dc0ddc8ecc646359eaf21d1af8948253b2427094b310cb6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 116
  2⤵
  - Program crash
  PID:2040

memory/1736-54-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download
memory/1736-56-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download