8b991f76cb430ccee42be33dfb2a7884fa0b570b6b5c26c5ff7d4cb30a63fd6d

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 14:08

Target

8b991f76cb430ccee42be33dfb2a7884fa0b570b6b5c26c5ff7d4cb30a63fd6d.exe
Size

41KB
MD5

6af63d795abbd38025364a0a4708ebe0
SHA1

a2e1c4a1943d1f2139d1e20a42ee4b4a0b28c1cf
SHA256

8b991f76cb430ccee42be33dfb2a7884fa0b570b6b5c26c5ff7d4cb30a63fd6d
SHA512

c6a932a2303681c3fb5fa9ea331ec363d0041b75f8a07acc2e66fec54cf0d3dbfe8b9434768250f900b9f3d232e33c69d8b61be2cbaf650c2578415b794bfb8d
SSDEEP

768:b3zuoR/ybigbGcBh0ugYOKsYpGOGfECBMQkxitANhwpNWjIr2:b3z/xgwu77szBIitgwp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1236	948	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 1236	948	8b991f76cb430ccee42be33dfb2a7884fa0b570b6b5c26c5ff7d4cb30a63fd6d.exe	27
PID 948 wrote to memory of 1236	948	8b991f76cb430ccee42be33dfb2a7884fa0b570b6b5c26c5ff7d4cb30a63fd6d.exe	27
PID 948 wrote to memory of 1236	948	8b991f76cb430ccee42be33dfb2a7884fa0b570b6b5c26c5ff7d4cb30a63fd6d.exe	27
PID 948 wrote to memory of 1236	948	8b991f76cb430ccee42be33dfb2a7884fa0b570b6b5c26c5ff7d4cb30a63fd6d.exe	27

C:\Users\Admin\AppData\Local\Temp\8b991f76cb430ccee42be33dfb2a7884fa0b570b6b5c26c5ff7d4cb30a63fd6d.exe
"C:\Users\Admin\AppData\Local\Temp\8b991f76cb430ccee42be33dfb2a7884fa0b570b6b5c26c5ff7d4cb30a63fd6d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 36
  2⤵
  - Program crash
  PID:1236