ffae7d880fcb139d03941e1bc658ce463e179435f438d945c74067fe291beb23

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27-12-2022 19:54

Target

cb80fb19380b3dd20032763daa460af4452eebd7.exe
Size

2.3MB
MD5

5ab956806ec2e729b2c9c260ee3139f2
SHA1

cb80fb19380b3dd20032763daa460af4452eebd7
SHA256

ffae7d880fcb139d03941e1bc658ce463e179435f438d945c74067fe291beb23
SHA512

14e1c8e2903f213596841475fd0778628f4af70d8c31dc80e614131cd886a81c767ed2baef2f985c67f3d0bd041971234de9a6a117410ad691895b431c07ce68
SSDEEP

49152:D0h8WyLIxcxU0oQGqmIHyPFUI/G7y3NmbzoZAXCRWlR1ObMy1TKik:D0htUIOxUXlIHuaf7y3gz1KbM

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

532 1700 WerFault.exe cb80fb19380b3dd20032763daa460af4452eebd7.exe

pid	pid_target	process	target process
532	1700	WerFault.exe	cb80fb19380b3dd20032763daa460af4452eebd7.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

cb80fb19380b3dd20032763daa460af4452eebd7.exe

description	pid	process	target process
PID 1700 wrote to memory of 532	1700	cb80fb19380b3dd20032763daa460af4452eebd7.exe	WerFault.exe
PID 1700 wrote to memory of 532	1700	cb80fb19380b3dd20032763daa460af4452eebd7.exe	WerFault.exe
PID 1700 wrote to memory of 532	1700	cb80fb19380b3dd20032763daa460af4452eebd7.exe	WerFault.exe
PID 1700 wrote to memory of 532	1700	cb80fb19380b3dd20032763daa460af4452eebd7.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\cb80fb19380b3dd20032763daa460af4452eebd7.exe
"C:\Users\Admin\AppData\Local\Temp\cb80fb19380b3dd20032763daa460af4452eebd7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 152
2⤵
- Program crash
PID:532

memory/532-55-0x0000000000000000-mapping.dmp

Download
memory/1700-54-0x0000000075FF1000-0x0000000075FF3000-memory.dmp

Filesize
8KB

Download