6d4eeacf8d37b21648019bbcba5c3010b5f2d0907660872de4a9a7287218dac1

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13/06/2023, 17:07

Target

FNGAutoBkpConfig.exe
Size

4.3MB
MD5

1bb48abd2e16605d5e326791e7214ef3
SHA1

d77a31d3b1caaa79563228a00f6fb091d66ce47f
SHA256

6d4eeacf8d37b21648019bbcba5c3010b5f2d0907660872de4a9a7287218dac1
SHA512

593b05c758549d713ff62a182143723d83a4f7c836178bc3b6847caad6177cfb4d7262fa5752da28901d635f6911900f5b5ec95ad812eb9f8d52839c7a632822
SSDEEP

49152:4+1uidtDuLPd+9bLxJGwPbKSDvVUvubFh7ljBmkO3TEaAa1Fell3ILzBOG9NyAp1:4+IsF5LxwwuSJUGeFj1Fe34BOG9Ny1D

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1948	2040	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 1948	2040	FNGAutoBkpConfig.exe	28
PID 2040 wrote to memory of 1948	2040	FNGAutoBkpConfig.exe	28
PID 2040 wrote to memory of 1948	2040	FNGAutoBkpConfig.exe	28

C:\Users\Admin\AppData\Local\Temp\FNGAutoBkpConfig.exe
"C:\Users\Admin\AppData\Local\Temp\FNGAutoBkpConfig.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2040 -s 532
  2⤵
  - Program crash
  PID:1948

memory/2040-54-0x0000000001190000-0x00000000015D6000-memory.dmp

Filesize
4.3MB

Download