e86771720e10a7fef6720d022604a6b5e57280fa90fdaf2c25725307720475b4

Analysis

max time kernel
35s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 09:51 UTC

Target

e86771720e10a7fef6720d022604a6b5e57280fa90fdaf2c25725307720475b4.exe
Size

180KB
MD5

2efbe67e13c2d5f04b71a5d21e3dae72
SHA1

a8b03629b5bc24d9a9003567fcbbc868f88d6bc9
SHA256

e86771720e10a7fef6720d022604a6b5e57280fa90fdaf2c25725307720475b4
SHA512

8eef0b7917d1f1bbd23b75f2fe5e1ff9a15e9d4759a5991511eb05dcfddce534022dc42c4bfb830d418ce996c9b6cbc64a31fadbf28b7fc817b80d27bba84ff8
SSDEEP

3072:pCbLSL5zAsdHm490ySm1EcOYG3aa+zvRz5N8uy:pCPq+EHm49mMEB8vXNhy

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1620	1612	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 1620	1612	e86771720e10a7fef6720d022604a6b5e57280fa90fdaf2c25725307720475b4.exe	26
PID 1612 wrote to memory of 1620	1612	e86771720e10a7fef6720d022604a6b5e57280fa90fdaf2c25725307720475b4.exe	26
PID 1612 wrote to memory of 1620	1612	e86771720e10a7fef6720d022604a6b5e57280fa90fdaf2c25725307720475b4.exe	26
PID 1612 wrote to memory of 1620	1612	e86771720e10a7fef6720d022604a6b5e57280fa90fdaf2c25725307720475b4.exe	26

C:\Users\Admin\AppData\Local\Temp\e86771720e10a7fef6720d022604a6b5e57280fa90fdaf2c25725307720475b4.exe
"C:\Users\Admin\AppData\Local\Temp\e86771720e10a7fef6720d022604a6b5e57280fa90fdaf2c25725307720475b4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 148
  2⤵
  - Program crash
  PID:1620

memory/1612-54-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download