12e20d9e404baa698d54fb1053dd410345a5b7e444676219bc1a4beef043a072

Analysis

max time kernel
38s
max time network
40s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/01/2023, 14:35

Target

860-66-0x0000000000400000-0x000000000042E000-memory.exe
Size

184KB
MD5

7d4389436bbccdc800a502534f20d6d0
SHA1

f8301b8388b61f736776c3aab5c6677149d03f64
SHA256

12e20d9e404baa698d54fb1053dd410345a5b7e444676219bc1a4beef043a072
SHA512

8eb9ac1be51570cdf978cb33780c54da997813807e1705b1022f7d44c96d63fbfbcbb1d1a1272acbaf680af697a983a9c1168fc060f24b74ab9467ee0f1a7134
SSDEEP

3072:yGLLqmznb0IiUsxWKorZq6Xp+9f5vTW236Rfi0ub5mm3yWxQh:yuznYIfsLPEpefRy236RZAMmiWxU

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1356	1476	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 1356	1476	860-66-0x0000000000400000-0x000000000042E000-memory.exe	27
PID 1476 wrote to memory of 1356	1476	860-66-0x0000000000400000-0x000000000042E000-memory.exe	27
PID 1476 wrote to memory of 1356	1476	860-66-0x0000000000400000-0x000000000042E000-memory.exe	27
PID 1476 wrote to memory of 1356	1476	860-66-0x0000000000400000-0x000000000042E000-memory.exe	27

C:\Users\Admin\AppData\Local\Temp\860-66-0x0000000000400000-0x000000000042E000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\860-66-0x0000000000400000-0x000000000042E000-memory.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 36
  2⤵
  - Program crash
  PID:1356