e1391ea55c88847465aeb6b2810e5fcb88dad97c1f7c3a5b7947c8050501fbd1

Analysis

max time kernel
35s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 13:18

Target

e1391ea55c88847465aeb6b2810e5fcb88dad97c1f7c3a5b7947c8050501fbd1.exe
Size

54KB
MD5

6c530d184c6353e1b1b60b2c9cd601a0
SHA1

306a97c418ea8c0a460d9d18b9bf4784e5102902
SHA256

e1391ea55c88847465aeb6b2810e5fcb88dad97c1f7c3a5b7947c8050501fbd1
SHA512

dfd523f1039e9574f7a83981b36b61a99b88142fb79faee906d7fb8149dd2c298af55ac76c9c60dc5b11fe215071fde761b9abf3fe5de9f75131616f6cc73c96
SSDEEP

768:EOG7lW7DHhCrQ9leFdRheLYa3n6Ngd+6gC2:2hW7LhYYobMYDt

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
832	576	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 576 wrote to memory of 832	576	e1391ea55c88847465aeb6b2810e5fcb88dad97c1f7c3a5b7947c8050501fbd1.exe	26
PID 576 wrote to memory of 832	576	e1391ea55c88847465aeb6b2810e5fcb88dad97c1f7c3a5b7947c8050501fbd1.exe	26
PID 576 wrote to memory of 832	576	e1391ea55c88847465aeb6b2810e5fcb88dad97c1f7c3a5b7947c8050501fbd1.exe	26
PID 576 wrote to memory of 832	576	e1391ea55c88847465aeb6b2810e5fcb88dad97c1f7c3a5b7947c8050501fbd1.exe	26

C:\Users\Admin\AppData\Local\Temp\e1391ea55c88847465aeb6b2810e5fcb88dad97c1f7c3a5b7947c8050501fbd1.exe
"C:\Users\Admin\AppData\Local\Temp\e1391ea55c88847465aeb6b2810e5fcb88dad97c1f7c3a5b7947c8050501fbd1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:576
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 36
  2⤵
  - Program crash
  PID:832