f220e9f588cb2724058ad0601c449f612f9355243aaa2fd7ee1d87fd177cdc1a

Analysis

max time kernel
1s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/02/2023, 18:55

Target

d502defbe8e4d9b6a6ca0a29a28a0da6c4c30352.exe
Size

37KB
MD5

259c465decc19ee0127d9d66e732cfba
SHA1

d502defbe8e4d9b6a6ca0a29a28a0da6c4c30352
SHA256

f220e9f588cb2724058ad0601c449f612f9355243aaa2fd7ee1d87fd177cdc1a
SHA512

f68f75836561e6693d982799a6907f0c255ab52bc84ac03213ceb6c15409b18ef0405556edfe867f39ea61df5c6b3860be3301353699838086a6e5f1e13a5cfd
SSDEEP

768:vevDNGja1TxGIP+tZS3XpgTR5t+jZqt5RYVMQY24v:0NG21T4IP+tZ2XmNz+VqtfYd

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1112	1660	WerFault.exe	24

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 1112	1660	d502defbe8e4d9b6a6ca0a29a28a0da6c4c30352.exe	28
PID 1660 wrote to memory of 1112	1660	d502defbe8e4d9b6a6ca0a29a28a0da6c4c30352.exe	28
PID 1660 wrote to memory of 1112	1660	d502defbe8e4d9b6a6ca0a29a28a0da6c4c30352.exe	28

C:\Users\Admin\AppData\Local\Temp\d502defbe8e4d9b6a6ca0a29a28a0da6c4c30352.exe
"C:\Users\Admin\AppData\Local\Temp\d502defbe8e4d9b6a6ca0a29a28a0da6c4c30352.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1660 -s 712
  2⤵
  - Program crash
  PID:1112

memory/1660-54-0x0000000000A30000-0x0000000000A3E000-memory.dmp

Filesize
56KB

Download
memory/1660-55-0x000007FEFC421000-0x000007FEFC423000-memory.dmp

Filesize
8KB

Download