7aa8889e4ddef75d37b74b982d29f5760e6199105e62bc01a0c772da90411be6

Analysis

max time kernel
33s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-09-2022 20:33

Target

7aa8889e4ddef75d37b74b982d29f5760e6199105e62bc01a0c772da90411be6.exe
Size

56KB
MD5

6b63d9caf7418ee3b91217d80aab6b17
SHA1

953a8a2dd6535a85d23bb50e95333ec3ce98bef2
SHA256

7aa8889e4ddef75d37b74b982d29f5760e6199105e62bc01a0c772da90411be6
SHA512

e9991943e3aa4bbe61172b5532ea0456ad5f538771da95a9ba3b0ced6c1d3b1e143981c47eb15f89cf084679470e72ff5e964854300ff48b0311a259bea5dd92
SSDEEP

1536:WwXDbyqXWFh+5RO7ygbeGwelwrrTmE89BZ0RSb:WEDeqmO5ROWZxrrTmHDZjb

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1556	1268	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1268 wrote to memory of 1556	1268	7aa8889e4ddef75d37b74b982d29f5760e6199105e62bc01a0c772da90411be6.exe	26
PID 1268 wrote to memory of 1556	1268	7aa8889e4ddef75d37b74b982d29f5760e6199105e62bc01a0c772da90411be6.exe	26
PID 1268 wrote to memory of 1556	1268	7aa8889e4ddef75d37b74b982d29f5760e6199105e62bc01a0c772da90411be6.exe	26
PID 1268 wrote to memory of 1556	1268	7aa8889e4ddef75d37b74b982d29f5760e6199105e62bc01a0c772da90411be6.exe	26

C:\Users\Admin\AppData\Local\Temp\7aa8889e4ddef75d37b74b982d29f5760e6199105e62bc01a0c772da90411be6.exe
"C:\Users\Admin\AppData\Local\Temp\7aa8889e4ddef75d37b74b982d29f5760e6199105e62bc01a0c772da90411be6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 36
  2⤵
  - Program crash
  PID:1556