3a0a9c9d17e7d5ab347cf05ec50ea6a758b966859e218ed36a95eefc9a5eff2d

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/02/2023, 19:23 UTC

Target

ff6eb90ea94ce75c0cfdf1c5c967c41e1f467093.exe
Size

37KB
MD5

78f270cbab89f32c355f1b9354e74a17
SHA1

ff6eb90ea94ce75c0cfdf1c5c967c41e1f467093
SHA256

3a0a9c9d17e7d5ab347cf05ec50ea6a758b966859e218ed36a95eefc9a5eff2d
SHA512

29d5394d7cb67a6892c217c724454a66efefcdcc0b22e91ac120956ef196066635ebc76d04c141e85eb068f4ec5e9cecc15510e7e2e1ccd5575f3915a7aef69e
SSDEEP

768:tevPNqfe1TxGW+t12vXOguVQt+hEqt5RYVMb824v:ONqm1T4W+t1eXVsw+CqtfYE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1468	840	WerFault.exe	26

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 1468	840	ff6eb90ea94ce75c0cfdf1c5c967c41e1f467093.exe	27
PID 840 wrote to memory of 1468	840	ff6eb90ea94ce75c0cfdf1c5c967c41e1f467093.exe	27
PID 840 wrote to memory of 1468	840	ff6eb90ea94ce75c0cfdf1c5c967c41e1f467093.exe	27

C:\Users\Admin\AppData\Local\Temp\ff6eb90ea94ce75c0cfdf1c5c967c41e1f467093.exe
"C:\Users\Admin\AppData\Local\Temp\ff6eb90ea94ce75c0cfdf1c5c967c41e1f467093.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:840
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 840 -s 736
  2⤵
  - Program crash
  PID:1468

memory/840-54-0x0000000001130000-0x000000000113E000-memory.dmp

Filesize
56KB

Download
memory/840-55-0x000007FEFBF81000-0x000007FEFBF83000-memory.dmp

Filesize
8KB

Download