67a1cc8b1386f584d806a9d166329a371eae1540e040397ed09facf657784754

Analysis

max time kernel
36s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 07:57

Target

67a1cc8b1386f584d806a9d166329a371eae1540e040397ed09facf657784754.exe
Size

190KB
MD5

668a6b0bc41dd6a0b73812cc9f88dc70
SHA1

df925847ebb3409462e35e5ea45c32a8b59cf5a1
SHA256

67a1cc8b1386f584d806a9d166329a371eae1540e040397ed09facf657784754
SHA512

696c017ea81b2d18f84c2d22de81f55944cb818748ceebc4f5494bfc62ee45d6229a385928ee40d16a2eb695e4996727672f51348db3db98c55ed748a397f2f6
SSDEEP

3072:0P4FJYI3wIPthmNdPS/g87SAWYIT47MFdhMceV9dl8SNHWSJvfk3Gn7KmtoVYGXy:ZJYIPDms2APt7M/hMcMsYvfpoVYOs3

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1808	1368	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 1808	1368	67a1cc8b1386f584d806a9d166329a371eae1540e040397ed09facf657784754.exe	27
PID 1368 wrote to memory of 1808	1368	67a1cc8b1386f584d806a9d166329a371eae1540e040397ed09facf657784754.exe	27
PID 1368 wrote to memory of 1808	1368	67a1cc8b1386f584d806a9d166329a371eae1540e040397ed09facf657784754.exe	27
PID 1368 wrote to memory of 1808	1368	67a1cc8b1386f584d806a9d166329a371eae1540e040397ed09facf657784754.exe	27

C:\Users\Admin\AppData\Local\Temp\67a1cc8b1386f584d806a9d166329a371eae1540e040397ed09facf657784754.exe
"C:\Users\Admin\AppData\Local\Temp\67a1cc8b1386f584d806a9d166329a371eae1540e040397ed09facf657784754.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 84
  2⤵
  - Program crash
  PID:1808