3fdf3eea61ecfd56ea2fab38d14bd517e6c4c550884929a351edcb7039aa6c9d

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
23-08-2023 11:36

Target

3fdf3eea61ecfd56ea2fab38d14bd517e6c4c550884929a351edcb7039aa6c9d.exe
Size

6.0MB
MD5

f7d65c063c05a1a7b48c8dc0c61550ee
SHA1

5d1aa29bc04a1797ced87b6768c82d5dcf05b506
SHA256

3fdf3eea61ecfd56ea2fab38d14bd517e6c4c550884929a351edcb7039aa6c9d
SHA512

2142e549e03e6e0b9c9f687eed8599f49a8d14ca11a9b66f01adb2364c934044278727f0b4eee5beb31348136311cc6679e50ff91a8a39ab76f53c1c0dc95086
SSDEEP

49152:89GGQDGlAV3Sga4XnTHTeTijtpj0AqRPVRmbPT1DGBr7arnzhppEIzK9kdTXe1w:8cGV+1Sg3XhtpQAQPzmbPhYwFXcw

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2432	2624	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 2432	2624	3fdf3eea61ecfd56ea2fab38d14bd517e6c4c550884929a351edcb7039aa6c9d.exe	1
PID 2624 wrote to memory of 2432	2624	3fdf3eea61ecfd56ea2fab38d14bd517e6c4c550884929a351edcb7039aa6c9d.exe	1
PID 2624 wrote to memory of 2432	2624	3fdf3eea61ecfd56ea2fab38d14bd517e6c4c550884929a351edcb7039aa6c9d.exe	1
PID 2624 wrote to memory of 2432	2624	3fdf3eea61ecfd56ea2fab38d14bd517e6c4c550884929a351edcb7039aa6c9d.exe	1

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 220
1⤵
- Program crash
PID:2432

C:\Users\Admin\AppData\Local\Temp\3fdf3eea61ecfd56ea2fab38d14bd517e6c4c550884929a351edcb7039aa6c9d.exe
"C:\Users\Admin\AppData\Local\Temp\3fdf3eea61ecfd56ea2fab38d14bd517e6c4c550884929a351edcb7039aa6c9d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2624

memory/2624-0-0x0000000000400000-0x0000000000A0F000-memory.dmp

Filesize
6.1MB

Download