fbe638333572d6bdde5ce03750bca30af87430e9b113fc92f96b51e93519d1ba

Analysis

max time kernel
8s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 10:26

Target

fbe638333572d6bdde5ce03750bca30af87430e9b113fc92f96b51e93519d1ba.exe
Size

132KB
MD5

4a11c0a79c1dc976f4d4b9195b2ccc4b
SHA1

561824ecd2291e51b43d5239227aa6f5160e64c6
SHA256

fbe638333572d6bdde5ce03750bca30af87430e9b113fc92f96b51e93519d1ba
SHA512

df61b90744679918ce0e9c0ebf2e104303d9400575259c9297fd3d24ba62792d602fdf73369358428f894023c3822f5e799651046ee6f550ac8bb804f74c83f2
SSDEEP

3072:vVGOVObSPydi94+kL/UdZ4DWB0EYHfir9PZfYEphUdLqFF+Dj:v0OgbzdG4+kLcdZ4qY6VZwg2LqyDj

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1316	968	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 1316	968	fbe638333572d6bdde5ce03750bca30af87430e9b113fc92f96b51e93519d1ba.exe	28
PID 968 wrote to memory of 1316	968	fbe638333572d6bdde5ce03750bca30af87430e9b113fc92f96b51e93519d1ba.exe	28
PID 968 wrote to memory of 1316	968	fbe638333572d6bdde5ce03750bca30af87430e9b113fc92f96b51e93519d1ba.exe	28
PID 968 wrote to memory of 1316	968	fbe638333572d6bdde5ce03750bca30af87430e9b113fc92f96b51e93519d1ba.exe	28

C:\Users\Admin\AppData\Local\Temp\fbe638333572d6bdde5ce03750bca30af87430e9b113fc92f96b51e93519d1ba.exe
"C:\Users\Admin\AppData\Local\Temp\fbe638333572d6bdde5ce03750bca30af87430e9b113fc92f96b51e93519d1ba.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:968
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 148
  2⤵
  - Program crash
  PID:1316

memory/968-55-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download