dca9c944e29591313837e8334a1ee6b7e3eadb421a883c2462151ce5d48b2404

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 05:57

Target

dca9c944e29591313837e8334a1ee6b7e3eadb421a883c2462151ce5d48b2404.exe
Size

596KB
MD5

67b7fab88ad3aeb4bac4d208a9f725d8
SHA1

186a3a7a97c765b7750a4e7a9c027c96eb50223c
SHA256

dca9c944e29591313837e8334a1ee6b7e3eadb421a883c2462151ce5d48b2404
SHA512

288ce7c533d43b5dd9ac41131379a507411e4210277c650a7531ab864984f233ce3dd70ab03eb647a075f289c107500abd5528305a2226cc351dd184f33e12e2
SSDEEP

12288:lK0t+88gYjDkyKigF2/kdrYIzMI5nzvoAIwjTJA/n5g:l5wXlxKLjd0fIpPPi5g

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
964	1184	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 964	1184	dca9c944e29591313837e8334a1ee6b7e3eadb421a883c2462151ce5d48b2404.exe	26
PID 1184 wrote to memory of 964	1184	dca9c944e29591313837e8334a1ee6b7e3eadb421a883c2462151ce5d48b2404.exe	26
PID 1184 wrote to memory of 964	1184	dca9c944e29591313837e8334a1ee6b7e3eadb421a883c2462151ce5d48b2404.exe	26
PID 1184 wrote to memory of 964	1184	dca9c944e29591313837e8334a1ee6b7e3eadb421a883c2462151ce5d48b2404.exe	26

C:\Users\Admin\AppData\Local\Temp\dca9c944e29591313837e8334a1ee6b7e3eadb421a883c2462151ce5d48b2404.exe
"C:\Users\Admin\AppData\Local\Temp\dca9c944e29591313837e8334a1ee6b7e3eadb421a883c2462151ce5d48b2404.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 44
  2⤵
  - Program crash
  PID:964