75f891eb013ecc8d3c62f7addf6892cea0c22807f4e5d1bb1d14d18f4aa49cc1

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13/06/2023, 19:24

Target

Erp7.Share.DBsUpdate.exe
Size

172KB
MD5

cd80417bef0a2fc1dd0a11f3fab3de85
SHA1

0b655559437524a3fbdd101652148761fac389b3
SHA256

75f891eb013ecc8d3c62f7addf6892cea0c22807f4e5d1bb1d14d18f4aa49cc1
SHA512

fc5c5421481f87915e97507412d344e9b0f7740f10b7adb8a841f3705366e665d1d11be76d69db394e5e9da32f5ac8bc8e4bc56a8435082666d9a43d2d3fceaa
SSDEEP

1536:vXyBQx0i/S+xj2ZiDgwzW2ZCRlAGyQgUgFgub1JQtKNEZQte4BRqx+y4YT:vXyqx0i/S+xj24DOMBI+y4YT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1992	2044	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1992	2044	Erp7.Share.DBsUpdate.exe	28
PID 2044 wrote to memory of 1992	2044	Erp7.Share.DBsUpdate.exe	28
PID 2044 wrote to memory of 1992	2044	Erp7.Share.DBsUpdate.exe	28

C:\Users\Admin\AppData\Local\Temp\Erp7.Share.DBsUpdate.exe
"C:\Users\Admin\AppData\Local\Temp\Erp7.Share.DBsUpdate.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2044 -s 532
  2⤵
  - Program crash
  PID:1992

memory/2044-54-0x0000000000FA0000-0x0000000000FD0000-memory.dmp

Filesize
192KB

Download