e3d6dabe0f2ab56c69ef69382b35f61d32d0d2ac2262c7ef9cc184f552764f91

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 00:33

Target

e3d6dabe0f2ab56c69ef69382b35f61d32d0d2ac2262c7ef9cc184f552764f91.exe
Size

235KB
MD5

038f81cf4a408a747de1df8c45e8f7aa
SHA1

8a456b6a9c7b2735cc09f9ea661dda1243f7d907
SHA256

e3d6dabe0f2ab56c69ef69382b35f61d32d0d2ac2262c7ef9cc184f552764f91
SHA512

2f27fa372941813dbb2cbf88b37ee5321eb1e38404a185ccc0849ce25c33c33d3e2e2eceb3f1b0f58c3582b03fd7ac00cd535e5d48dcc44a83307edd6242c73a
SSDEEP

3072:6V1ZBJ0GCpw5sANR4Cpw5RCpw5sANRVANRVANRO:6VlJ4w5sy1w5Kw5sy/y/yg

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1536	1756	WerFault.exe	21

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 1536	1756	e3d6dabe0f2ab56c69ef69382b35f61d32d0d2ac2262c7ef9cc184f552764f91.exe	27
PID 1756 wrote to memory of 1536	1756	e3d6dabe0f2ab56c69ef69382b35f61d32d0d2ac2262c7ef9cc184f552764f91.exe	27
PID 1756 wrote to memory of 1536	1756	e3d6dabe0f2ab56c69ef69382b35f61d32d0d2ac2262c7ef9cc184f552764f91.exe	27
PID 1756 wrote to memory of 1536	1756	e3d6dabe0f2ab56c69ef69382b35f61d32d0d2ac2262c7ef9cc184f552764f91.exe	27

C:\Users\Admin\AppData\Local\Temp\e3d6dabe0f2ab56c69ef69382b35f61d32d0d2ac2262c7ef9cc184f552764f91.exe
"C:\Users\Admin\AppData\Local\Temp\e3d6dabe0f2ab56c69ef69382b35f61d32d0d2ac2262c7ef9cc184f552764f91.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 92
  2⤵
  - Program crash
  PID:1536