1296e7819273e00264a82dea1a4c0bc782f4b1f212fd7e78990a7220f715e3bc

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/11/2022, 00:32

Target

1436-64-0x0000000000400000-0x000000000042F000-memory.exe
Size

188KB
MD5

d6b87aa9694071792eaaa9f48d533600
SHA1

66a77ddee143540a74912f39d99aaf83726f9dcf
SHA256

1296e7819273e00264a82dea1a4c0bc782f4b1f212fd7e78990a7220f715e3bc
SHA512

99797011698fe497753e71ae4c7b12ae95f2443dd425f910d11b46100c1f131f7408273aff83aaa87adbc458cf9dc105f7a5de6661be7f43c6ed5072df5105af
SSDEEP

3072:IqbG0xS3xYLFA1pWZ66oUO6Pj+EJdAjzlTg7ul3dwt3/m+S42M6a9SBZue:lFkhou186h0jBXGzl87C3Ct3uh/cuue

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1560	1344	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 1560	1344	1436-64-0x0000000000400000-0x000000000042F000-memory.exe	26
PID 1344 wrote to memory of 1560	1344	1436-64-0x0000000000400000-0x000000000042F000-memory.exe	26
PID 1344 wrote to memory of 1560	1344	1436-64-0x0000000000400000-0x000000000042F000-memory.exe	26
PID 1344 wrote to memory of 1560	1344	1436-64-0x0000000000400000-0x000000000042F000-memory.exe	26

C:\Users\Admin\AppData\Local\Temp\1436-64-0x0000000000400000-0x000000000042F000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\1436-64-0x0000000000400000-0x000000000042F000-memory.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 36
  2⤵
  - Program crash
  PID:1560