0c66aa039efc18292a8be34483d98914139f04ff53d01566383f204384b72adf

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/10/2022, 20:26

Target

0c66aa039efc18292a8be34483d98914139f04ff53d01566383f204384b72adf.exe
Size

112KB
MD5

6edbcbabef8b33f1e926f77304386040
SHA1

0a9ca8937fc315a18c34d39d57f5ffa9dd979511
SHA256

0c66aa039efc18292a8be34483d98914139f04ff53d01566383f204384b72adf
SHA512

b2f3de8f0de397ecd262cbd2fca179aa5194118c89ccba4c701f4a824fd06e4ca1815ff82778a4eafa076b0be15244d92c474832fe63b7de6eb7b96644382173
SSDEEP

3072:af5a6Ekn4SdI7RohSSPzBmnas3I+usaHZvlgCRs0Gb/:asmn4SdI9ohfPzIaH+Za5iCkr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1696	852	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 1696	852	0c66aa039efc18292a8be34483d98914139f04ff53d01566383f204384b72adf.exe	27
PID 852 wrote to memory of 1696	852	0c66aa039efc18292a8be34483d98914139f04ff53d01566383f204384b72adf.exe	27
PID 852 wrote to memory of 1696	852	0c66aa039efc18292a8be34483d98914139f04ff53d01566383f204384b72adf.exe	27
PID 852 wrote to memory of 1696	852	0c66aa039efc18292a8be34483d98914139f04ff53d01566383f204384b72adf.exe	27

C:\Users\Admin\AppData\Local\Temp\0c66aa039efc18292a8be34483d98914139f04ff53d01566383f204384b72adf.exe
"C:\Users\Admin\AppData\Local\Temp\0c66aa039efc18292a8be34483d98914139f04ff53d01566383f204384b72adf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:852
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 136
  2⤵
  - Program crash
  PID:1696