642ff7c0b2c9fda67c4b900fb2964c4e58039f63a48f11121e59ab297c31f5c4

Analysis

max time kernel
11s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
07/05/2023, 19:15

Target

ca6fc8c3e7df3d76bd53bd56bed90176.exe
Size

604KB
MD5

ca6fc8c3e7df3d76bd53bd56bed90176
SHA1

6320187f3026df044e6da09ef131760170a943ff
SHA256

642ff7c0b2c9fda67c4b900fb2964c4e58039f63a48f11121e59ab297c31f5c4
SHA512

78e0e218b19a7ed36af47eb9dce3d87afc72e7bf92479a3a160d9df7bc732ee6f326bd46b9ed08017fbbba7dedd506d8de8857fef017e2c7600d8b1edbc5bd27
SSDEEP

6144:yCFqP9j6b+HdtH9Wd1yxBMf8eMCDpNxsdDwK3brKsnobns+NOYu56FNVWdjyh0XL:y/9u+Hdsy7MfPMGxsh3nUng6FNqjq0XL

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1772	1520	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 1772	1520	ca6fc8c3e7df3d76bd53bd56bed90176.exe	28
PID 1520 wrote to memory of 1772	1520	ca6fc8c3e7df3d76bd53bd56bed90176.exe	28
PID 1520 wrote to memory of 1772	1520	ca6fc8c3e7df3d76bd53bd56bed90176.exe	28
PID 1520 wrote to memory of 1772	1520	ca6fc8c3e7df3d76bd53bd56bed90176.exe	28

C:\Users\Admin\AppData\Local\Temp\ca6fc8c3e7df3d76bd53bd56bed90176.exe
"C:\Users\Admin\AppData\Local\Temp\ca6fc8c3e7df3d76bd53bd56bed90176.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 172
  2⤵
  - Program crash
  PID:1772

memory/1520-54-0x00000000012B0000-0x000000000132C000-memory.dmp

Filesize
496KB

Download