2705a76df230ab1bd6ccfbc976eb2a1d462bb4e036369d716b78d68dbc1fa905

Analysis

max time kernel
27s
max time network
31s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
10-07-2023 18:26

Target

dad6f36ec6129dexeexeexeex.exe
Size

335KB
MD5

dad6f36ec6129dbaca93d7f3c2f4ae86
SHA1

bd2b4faaf239c68c99d4b2c707a673920b03e890
SHA256

2705a76df230ab1bd6ccfbc976eb2a1d462bb4e036369d716b78d68dbc1fa905
SHA512

3532420b8b8de86847658b93ee270a4c8cda9d15238fd6018660031f28315ca4539abff099becc531a48e9a28e19c8843464f87a944f161e275ef1e0312d8bf5
SSDEEP

6144:qtUGfUWOeEBUEhLkXj3zRG6yLQ/UNP4H2CiTTc10qhh48Ajrt:qtUGfVwUFzRG6EQ0POfiTTs0qdAjrt

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1804 1744 WerFault.exe dad6f36ec6129dexeexeexeex.exe

pid	pid_target	process	target process
1804	1744	WerFault.exe	dad6f36ec6129dexeexeexeex.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

dad6f36ec6129dexeexeexeex.exe

description	pid	process	target process
PID 1744 wrote to memory of 1804	1744	dad6f36ec6129dexeexeexeex.exe	WerFault.exe
PID 1744 wrote to memory of 1804	1744	dad6f36ec6129dexeexeexeex.exe	WerFault.exe
PID 1744 wrote to memory of 1804	1744	dad6f36ec6129dexeexeexeex.exe	WerFault.exe
PID 1744 wrote to memory of 1804	1744	dad6f36ec6129dexeexeexeex.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\dad6f36ec6129dexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\dad6f36ec6129dexeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 120
2⤵
- Program crash
PID:1804