8208cff7405330202bd42bf412031e24fdd1e464aa1a2dfe591e00ddc729c3cd

Analysis

max time kernel
56s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 13:11

Target

8208cff7405330202bd42bf412031e24fdd1e464aa1a2dfe591e00ddc729c3cd.exe
Size

317KB
MD5

6b71c481ae5ad02bed153b39ef137b6c
SHA1

9d171841d1eaa306295221691649a58827562e77
SHA256

8208cff7405330202bd42bf412031e24fdd1e464aa1a2dfe591e00ddc729c3cd
SHA512

36e7ff69b05133e53dc0b4c69e58d68f98fe1abb20d2a48658e31540cf60ae0c695ac94a5036f1fb5a7bcc2c59e85c364d834402af41833a5b95b1c70df20aa4
SSDEEP

6144:KSAEzN/89pIbUVd5u+fFBiSjV1WsmEpmcEBzYIfXBG42hpqvhI:KbYN/gF1jjVgsmEpANv2h0vhI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1732	1364	WerFault.exe	18

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 1732	1364	8208cff7405330202bd42bf412031e24fdd1e464aa1a2dfe591e00ddc729c3cd.exe	28
PID 1364 wrote to memory of 1732	1364	8208cff7405330202bd42bf412031e24fdd1e464aa1a2dfe591e00ddc729c3cd.exe	28
PID 1364 wrote to memory of 1732	1364	8208cff7405330202bd42bf412031e24fdd1e464aa1a2dfe591e00ddc729c3cd.exe	28
PID 1364 wrote to memory of 1732	1364	8208cff7405330202bd42bf412031e24fdd1e464aa1a2dfe591e00ddc729c3cd.exe	28
PID 1364 wrote to memory of 1732	1364	8208cff7405330202bd42bf412031e24fdd1e464aa1a2dfe591e00ddc729c3cd.exe	28
PID 1364 wrote to memory of 1732	1364	8208cff7405330202bd42bf412031e24fdd1e464aa1a2dfe591e00ddc729c3cd.exe	28
PID 1364 wrote to memory of 1732	1364	8208cff7405330202bd42bf412031e24fdd1e464aa1a2dfe591e00ddc729c3cd.exe	28

C:\Users\Admin\AppData\Local\Temp\8208cff7405330202bd42bf412031e24fdd1e464aa1a2dfe591e00ddc729c3cd.exe
"C:\Users\Admin\AppData\Local\Temp\8208cff7405330202bd42bf412031e24fdd1e464aa1a2dfe591e00ddc729c3cd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 284
  2⤵
  - Program crash
  PID:1732

memory/1364-54-0x00000000763F1000-0x00000000763F3000-memory.dmp

Filesize
8KB

Download
memory/1364-55-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/1364-57-0x00000000008C0000-0x0000000000918000-memory.dmp

Filesize
352KB

Download
memory/1364-58-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/1732-56-0x0000000000000000-mapping.dmp

Download