0922fea26944593fe03c878eb24ee7c320b4d89ae097f9d0cc1071e9241eb6c7

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
27/11/2023, 04:00

Target

0922fea26944593fe03c878eb24ee7c320b4d89ae097f9d0cc1071e9241eb6c7.exe
Size

12.8MB
MD5

0a5865f98d53745850fcceb1b5f95f9f
SHA1

86a92f03e571c9e1fac3481e56cf28bdc0ec9b0a
SHA256

0922fea26944593fe03c878eb24ee7c320b4d89ae097f9d0cc1071e9241eb6c7
SHA512

f315e18b5901752df032b792335c3676ceeb8f19a18c083f9b2cb175d028bcd924cec6acf501da80cd9276ed90d3b6a7b0f1e4e3068e0a879ad33a649e59a0b8
SSDEEP

393216:7Y6jeLZytNElT4dAn57MLmDHDf/bCvhNOAXh3Y4FK0eKX:k+iZKNElU2n5/Df/A9JeG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2752	2472	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 2752	2472	0922fea26944593fe03c878eb24ee7c320b4d89ae097f9d0cc1071e9241eb6c7.exe	28
PID 2472 wrote to memory of 2752	2472	0922fea26944593fe03c878eb24ee7c320b4d89ae097f9d0cc1071e9241eb6c7.exe	28
PID 2472 wrote to memory of 2752	2472	0922fea26944593fe03c878eb24ee7c320b4d89ae097f9d0cc1071e9241eb6c7.exe	28
PID 2472 wrote to memory of 2752	2472	0922fea26944593fe03c878eb24ee7c320b4d89ae097f9d0cc1071e9241eb6c7.exe	28

C:\Users\Admin\AppData\Local\Temp\0922fea26944593fe03c878eb24ee7c320b4d89ae097f9d0cc1071e9241eb6c7.exe
"C:\Users\Admin\AppData\Local\Temp\0922fea26944593fe03c878eb24ee7c320b4d89ae097f9d0cc1071e9241eb6c7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 304
  2⤵
  - Program crash
  PID:2752

memory/2472-0-0x0000000000400000-0x00000000016B4000-memory.dmp

Filesize
18.7MB

Download
memory/2472-1-0x00000000066F0000-0x0000000006AB2000-memory.dmp

Filesize
3.8MB

Download
memory/2472-3-0x00000000066F0000-0x0000000006AB2000-memory.dmp

Filesize
3.8MB

Download
memory/2472-6-0x00000000066F0000-0x0000000006AB2000-memory.dmp

Filesize
3.8MB

Download
memory/2472-10-0x00000000066F0000-0x0000000006AB2000-memory.dmp

Filesize
3.8MB

Download
memory/2472-14-0x00000000066F0000-0x0000000006AB2000-memory.dmp

Filesize
3.8MB

Download
memory/2472-18-0x00000000066F0000-0x0000000006AB2000-memory.dmp

Filesize
3.8MB

Download
memory/2472-22-0x00000000066F0000-0x0000000006AB2000-memory.dmp

Filesize
3.8MB

Download
memory/2472-25-0x00000000066F0000-0x0000000006AB2000-memory.dmp

Filesize
3.8MB

Download
memory/2472-26-0x00000000066F0000-0x0000000006AB2000-memory.dmp

Filesize
3.8MB

Download
memory/2472-27-0x00000000066F0000-0x0000000006AB2000-memory.dmp

Filesize
3.8MB

Download
memory/2472-28-0x00000000066F0000-0x0000000006AB2000-memory.dmp

Filesize
3.8MB

Download
memory/2472-29-0x0000000000400000-0x00000000016B4000-memory.dmp

Filesize
18.7MB

Download