8ac4826d1ee5ca48fdf90dbd2c06bfc17813e1195317cfefaf4493f470b1b4cb

Analysis

max time kernel
6s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 14:29

Target

8ac4826d1ee5ca48fdf90dbd2c06bfc17813e1195317cfefaf4493f470b1b4cb.exe
Size

64KB
MD5

bbb79030c1e022a4813828d7be4c0c73
SHA1

704610479833effc0f6f8d194f60033561122576
SHA256

8ac4826d1ee5ca48fdf90dbd2c06bfc17813e1195317cfefaf4493f470b1b4cb
SHA512

233bd33a8d2c757bea7a5c85abc4179ebe8eaf4dce27a1108b251ca9aa6d68404734017a30b84ba6267a478eead235f573a13e1d3aab3ce5d8de2861786e4720
SSDEEP

1536:croWtPdPosz4fSb8OkGy5BCvXaI3HS8hP3iUmi+I:EdFQsUfBUQIvXPH/PrJ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
980	1432	WerFault.exe	13

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1432 wrote to memory of 980	1432	8ac4826d1ee5ca48fdf90dbd2c06bfc17813e1195317cfefaf4493f470b1b4cb.exe	28
PID 1432 wrote to memory of 980	1432	8ac4826d1ee5ca48fdf90dbd2c06bfc17813e1195317cfefaf4493f470b1b4cb.exe	28
PID 1432 wrote to memory of 980	1432	8ac4826d1ee5ca48fdf90dbd2c06bfc17813e1195317cfefaf4493f470b1b4cb.exe	28
PID 1432 wrote to memory of 980	1432	8ac4826d1ee5ca48fdf90dbd2c06bfc17813e1195317cfefaf4493f470b1b4cb.exe	28

C:\Users\Admin\AppData\Local\Temp\8ac4826d1ee5ca48fdf90dbd2c06bfc17813e1195317cfefaf4493f470b1b4cb.exe
"C:\Users\Admin\AppData\Local\Temp\8ac4826d1ee5ca48fdf90dbd2c06bfc17813e1195317cfefaf4493f470b1b4cb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 36
  2⤵
  - Program crash
  PID:980

memory/1432-55-0x0000000000D20000-0x0000000000D48000-memory.dmp

Filesize
160KB

Download