85550b7acb72ca951eee4ec9fa6bd49ae7cf1c82ddbc106ecf9c5956944ee198

Analysis

max time kernel
2s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 05:59

Target

85550b7acb72ca951eee4ec9fa6bd49ae7cf1c82ddbc106ecf9c5956944ee198.exe
Size

56KB
MD5

1c206df00d291c9214744a477fe0ebe7
SHA1

ecab01648084ca2c430a4c9ce0185fb111658bc3
SHA256

85550b7acb72ca951eee4ec9fa6bd49ae7cf1c82ddbc106ecf9c5956944ee198
SHA512

7fb09be4f842f0a1453d6c862fe0d4c3d477f463381b9a73282560d87bb13382091a43a18784a2e794f9937804414654f60cab4cee5d2d5ac248a6c663b9d396
SSDEEP

1536:NHLJYF/FxhxwBkKp4zPAsrnY0f23EBYzUEF0EszKgH:NetdwSKaDA8fAEYzUEF0ZWu

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1668	2032	WerFault.exe	20

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 1668	2032	85550b7acb72ca951eee4ec9fa6bd49ae7cf1c82ddbc106ecf9c5956944ee198.exe	27
PID 2032 wrote to memory of 1668	2032	85550b7acb72ca951eee4ec9fa6bd49ae7cf1c82ddbc106ecf9c5956944ee198.exe	27
PID 2032 wrote to memory of 1668	2032	85550b7acb72ca951eee4ec9fa6bd49ae7cf1c82ddbc106ecf9c5956944ee198.exe	27
PID 2032 wrote to memory of 1668	2032	85550b7acb72ca951eee4ec9fa6bd49ae7cf1c82ddbc106ecf9c5956944ee198.exe	27

C:\Users\Admin\AppData\Local\Temp\85550b7acb72ca951eee4ec9fa6bd49ae7cf1c82ddbc106ecf9c5956944ee198.exe
"C:\Users\Admin\AppData\Local\Temp\85550b7acb72ca951eee4ec9fa6bd49ae7cf1c82ddbc106ecf9c5956944ee198.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 36
  2⤵
  - Program crash
  PID:1668