8fdb64455944ffcd1f1c0bf819a2b920fd4e51d5fe7ddbc196c2d1b7827d19a7

Analysis

max time kernel
28s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03-01-2023 13:58

Target

8fdb64455944ffcd1f1c0bf819a2b920fd4e51d5fe7ddbc196c2d1b7827d19a7.exe
Size

152KB
MD5

5ac986ecab0831a877db20844087f458
SHA1

99031c864ce7b79b8361a8b091654d610d338668
SHA256

8fdb64455944ffcd1f1c0bf819a2b920fd4e51d5fe7ddbc196c2d1b7827d19a7
SHA512

d091fca7cd0ff8855e6a7a8732c322a345b6c0496cc01b82c91b9a283f183191d1289bbabbc47941a127bbb23ee81c517a22b1f801861c047dd4f265d0956f96
SSDEEP

3072:6Uy7lSAqV5fkdeUXdap0jjFwUWKCGA+yWiWT7U9HU7h:DyJSZfEda0jZ1aGA+hRc9S

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
960	852	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 960	852	8fdb64455944ffcd1f1c0bf819a2b920fd4e51d5fe7ddbc196c2d1b7827d19a7.exe	29
PID 852 wrote to memory of 960	852	8fdb64455944ffcd1f1c0bf819a2b920fd4e51d5fe7ddbc196c2d1b7827d19a7.exe	29
PID 852 wrote to memory of 960	852	8fdb64455944ffcd1f1c0bf819a2b920fd4e51d5fe7ddbc196c2d1b7827d19a7.exe	29

C:\Users\Admin\AppData\Local\Temp\8fdb64455944ffcd1f1c0bf819a2b920fd4e51d5fe7ddbc196c2d1b7827d19a7.exe
"C:\Users\Admin\AppData\Local\Temp\8fdb64455944ffcd1f1c0bf819a2b920fd4e51d5fe7ddbc196c2d1b7827d19a7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:852
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 852 -s 528
  2⤵
  - Program crash
  PID:960

memory/852-54-0x00000000001D0000-0x00000000001FC000-memory.dmp

Filesize
176KB

Download
memory/960-55-0x0000000000000000-mapping.dmp

Download