e17065ef97296d45e1dc6e86d91c13bc69ccbab3d9bd33a9fda9b8a71cc81fb5

Analysis

max time kernel
150s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
09-03-2023 04:24

Target

e17065ef97296d45e1dc6e86d91c13bc69ccbab3d9bd33a9fda9b8a71cc81fb5.exe
Size

4.9MB
MD5

978416f7b00b6b01780140fc5a002963
SHA1

bf86fa1fc902a7af77a51d9a7e8d7805db0d01c3
SHA256

e17065ef97296d45e1dc6e86d91c13bc69ccbab3d9bd33a9fda9b8a71cc81fb5
SHA512

4713e0e4db89f63ddb041f9e9b5d881dd452c7b912c4a91c3ad459354b243adde039e5cdc031352bf1f893ff5c90383217b4dbb563d6cda02941611f6587fcfd
SSDEEP

98304:uxxSruAGbl51kDt/H9bieeN7AaZRdZDHLCh/MX/kBn/f4BlR/fZWN7:CSrk31Y1bdeNkaZR/nCh/MX/k2DR/hs

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2004 1728 WerFault.exe e17065ef97296d45e1dc6e86d91c13bc69ccbab3d9bd33a9fda9b8a71cc81fb5.exe

pid	pid_target	process	target process
2004	1728	WerFault.exe	e17065ef97296d45e1dc6e86d91c13bc69ccbab3d9bd33a9fda9b8a71cc81fb5.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

e17065ef97296d45e1dc6e86d91c13bc69ccbab3d9bd33a9fda9b8a71cc81fb5.exe

description	pid	process	target process
PID 1728 wrote to memory of 2004	1728	e17065ef97296d45e1dc6e86d91c13bc69ccbab3d9bd33a9fda9b8a71cc81fb5.exe	WerFault.exe
PID 1728 wrote to memory of 2004	1728	e17065ef97296d45e1dc6e86d91c13bc69ccbab3d9bd33a9fda9b8a71cc81fb5.exe	WerFault.exe
PID 1728 wrote to memory of 2004	1728	e17065ef97296d45e1dc6e86d91c13bc69ccbab3d9bd33a9fda9b8a71cc81fb5.exe	WerFault.exe
PID 1728 wrote to memory of 2004	1728	e17065ef97296d45e1dc6e86d91c13bc69ccbab3d9bd33a9fda9b8a71cc81fb5.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\e17065ef97296d45e1dc6e86d91c13bc69ccbab3d9bd33a9fda9b8a71cc81fb5.exe
"C:\Users\Admin\AppData\Local\Temp\e17065ef97296d45e1dc6e86d91c13bc69ccbab3d9bd33a9fda9b8a71cc81fb5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 212
2⤵
- Program crash
PID:2004

memory/1728-54-0x0000000000400000-0x00000000010E3000-memory.dmp

Filesize
12.9MB

Download
memory/1728-57-0x0000000000400000-0x00000000010E3000-memory.dmp

Filesize
12.9MB

Download