b449162d45cad31e03d113e02a10200b42b817f3612cef0e3f6aaebe6a3dbb2d

Analysis

max time kernel
29s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02/06/2023, 13:25

Target

308113139b8a05fe3ca6dcc5640fbdd6.exe
Size

20KB
MD5

308113139b8a05fe3ca6dcc5640fbdd6
SHA1

220c7ca7237b63676a7c652cd1df66c46f401d0b
SHA256

b449162d45cad31e03d113e02a10200b42b817f3612cef0e3f6aaebe6a3dbb2d
SHA512

ad0199dcf28bf941b5167c62cb71bebd756c6950efe482d74f804bea5ded9cd76aacf524ae2e0f19d8bb2aaaa297558f4b116b1c672de326ecf1e06ade518dab
SSDEEP

384:vfRuvp3UynBVksa2pCbtftklJUzm4LxO7XPslGoGCJEF8ZpHtA1TdL:vov2yn01bltkl7exO7cEFiR+9dL

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
916	1236	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 916	1236	308113139b8a05fe3ca6dcc5640fbdd6.exe	28
PID 1236 wrote to memory of 916	1236	308113139b8a05fe3ca6dcc5640fbdd6.exe	28
PID 1236 wrote to memory of 916	1236	308113139b8a05fe3ca6dcc5640fbdd6.exe	28

C:\Users\Admin\AppData\Local\Temp\308113139b8a05fe3ca6dcc5640fbdd6.exe
"C:\Users\Admin\AppData\Local\Temp\308113139b8a05fe3ca6dcc5640fbdd6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1236 -s 520
  2⤵
  - Program crash
  PID:916

memory/1236-54-0x00000000002B0000-0x00000000002B8000-memory.dmp

Filesize
32KB

Download
memory/1236-55-0x0000000000750000-0x00000000007D0000-memory.dmp

Filesize
512KB

Download
memory/1236-56-0x0000000000750000-0x00000000007D0000-memory.dmp

Filesize
512KB

Download