d0c2c478b705b645efd9144d6d6676ca8cdd8f54d0b44b9ca2b426c0e6168863

Analysis

max time kernel
23s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 18:25

Target

d0c2c478b705b645efd9144d6d6676ca8cdd8f54d0b44b9ca2b426c0e6168863.exe
Size

30KB
MD5

787ce17a8e4f9867df638a07b770db9f
SHA1

50448ee367559bd9962d2cde25915fd7c7f04bac
SHA256

d0c2c478b705b645efd9144d6d6676ca8cdd8f54d0b44b9ca2b426c0e6168863
SHA512

a5bbd58c6af7ae281ee91b0b94102cfaf71beb01768a583afd79724079b20429f200076e3bdbb14c687ceab24a82eb1bf0267b3e99671daed79bffead359a00d
SSDEEP

768:Vz/Jkr4S/h9BaIOqnToIf13HjPi/urbTgd:Vz/Jc//h9BaIOqnToIfxjOunMd

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1828	1932	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 1828	1932	d0c2c478b705b645efd9144d6d6676ca8cdd8f54d0b44b9ca2b426c0e6168863.exe	27
PID 1932 wrote to memory of 1828	1932	d0c2c478b705b645efd9144d6d6676ca8cdd8f54d0b44b9ca2b426c0e6168863.exe	27
PID 1932 wrote to memory of 1828	1932	d0c2c478b705b645efd9144d6d6676ca8cdd8f54d0b44b9ca2b426c0e6168863.exe	27
PID 1932 wrote to memory of 1828	1932	d0c2c478b705b645efd9144d6d6676ca8cdd8f54d0b44b9ca2b426c0e6168863.exe	27

C:\Users\Admin\AppData\Local\Temp\d0c2c478b705b645efd9144d6d6676ca8cdd8f54d0b44b9ca2b426c0e6168863.exe
"C:\Users\Admin\AppData\Local\Temp\d0c2c478b705b645efd9144d6d6676ca8cdd8f54d0b44b9ca2b426c0e6168863.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 52
  2⤵
  - Program crash
  PID:1828

memory/1932-54-0x0000000000553000-0x0000000000556000-memory.dmp

Filesize
12KB

Download
memory/1932-56-0x0000000000554000-0x0000000000556000-memory.dmp

Filesize
8KB

Download