83c0635c5063a6a6081c58073ae426f7927048e174f119e7a22baa4bcbc02228

Analysis

max time kernel
27s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13-06-2023 19:00

Target

shenheCenter20.exe
Size

810KB
MD5

5d8c0b9013b6262dd533c8f9340161b5
SHA1

de4137e3f8fd5f1b5fc494ac64c957553654d92d
SHA256

83c0635c5063a6a6081c58073ae426f7927048e174f119e7a22baa4bcbc02228
SHA512

70a20b4eb20dae01a30ae4af3acd2b9ad1c85790964dd0d8ed2785b2a968989a5d1b565f89c2b7970aec9864cd98bef5834ce4b712614eb83e9c1d5303b684d1
SSDEEP

6144:a9D9/Wx3uNXLEVCslSP4VDMV6rO3gaPixQZfmSn0E6WF6vTnu//JwaJRlKcv/p5G:ID9AeXLeBDVDG3gk9QvTumaZKcdPjNmn

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1940	1976	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 1940	1976	shenheCenter20.exe	28
PID 1976 wrote to memory of 1940	1976	shenheCenter20.exe	28
PID 1976 wrote to memory of 1940	1976	shenheCenter20.exe	28
PID 1976 wrote to memory of 1940	1976	shenheCenter20.exe	28

C:\Users\Admin\AppData\Local\Temp\shenheCenter20.exe
"C:\Users\Admin\AppData\Local\Temp\shenheCenter20.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 540
  2⤵
  - Program crash
  PID:1940

memory/1976-54-0x00000000003A0000-0x0000000000470000-memory.dmp

Filesize
832KB

Download