422e9918af43e438d491c506965442f01d4f0aa2ec5dd6885e3fd29b320682cd

Analysis

max time kernel
28s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14/06/2023, 09:50

Target

SLAdapterService.exe
Size

294KB
MD5

024b2674e2fece6d247f40341bbd5fe5
SHA1

83872ebe6cedbb222ccec406b957fb4ff7eef8b8
SHA256

422e9918af43e438d491c506965442f01d4f0aa2ec5dd6885e3fd29b320682cd
SHA512

b3f8debbf6ef1d96f1f5b3e086e65e52f18ebd4e99502c6a3574f3924e2ef692005c2c12eb81eca8775b4f15a2bdac57ab595c4af86f8ab9d1e72eef8271c975
SSDEEP

6144:o9VThYFvEoM+hz8cyBZ9aUf0ust2y6rNv7XBX99lsMx86i9z4QQ:CVsvEoM+hz8cyBZ9aUf0ust2ygNjXBXp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1952	2000	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 1952	2000	SLAdapterService.exe	27
PID 2000 wrote to memory of 1952	2000	SLAdapterService.exe	27
PID 2000 wrote to memory of 1952	2000	SLAdapterService.exe	27
PID 2000 wrote to memory of 1952	2000	SLAdapterService.exe	27

C:\Users\Admin\AppData\Local\Temp\SLAdapterService.exe
"C:\Users\Admin\AppData\Local\Temp\SLAdapterService.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 548
  2⤵
  - Program crash
  PID:1952

memory/2000-54-0x0000000001370000-0x00000000013BE000-memory.dmp

Filesize
312KB

Download