31f59b66817a0fe7c2369812ba68fdb9a5b7e0a7c527cb0fa04cf02ba7197bc7

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04/11/2022, 01:40

Target

31f59b66817a0fe7c2369812ba68fdb9a5b7e0a7c527cb0fa04cf02ba7197bc7.exe
Size

155KB
MD5

db9e830800f25d2d05b8af479110580e
SHA1

1698a61d4d2e9140577d6a120b7f5ae0baf4766a
SHA256

31f59b66817a0fe7c2369812ba68fdb9a5b7e0a7c527cb0fa04cf02ba7197bc7
SHA512

cca8bed0e87b2a2ba382b96e493bd1e64e4a13559f4d5f22a8df7063858f6a09e456f9b84d293dfda89925a8482dc4c4ac2e9eb217749edbd0045e6b7ecab21e
SSDEEP

3072:S5K/B0toLbSNJ0lxwsx89TSdBgjMqqDL2/TOKoXG:ScytwGPTTSdBgQqqDL6SKp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1748	1484	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1484 wrote to memory of 1748	1484	31f59b66817a0fe7c2369812ba68fdb9a5b7e0a7c527cb0fa04cf02ba7197bc7.exe	27
PID 1484 wrote to memory of 1748	1484	31f59b66817a0fe7c2369812ba68fdb9a5b7e0a7c527cb0fa04cf02ba7197bc7.exe	27
PID 1484 wrote to memory of 1748	1484	31f59b66817a0fe7c2369812ba68fdb9a5b7e0a7c527cb0fa04cf02ba7197bc7.exe	27
PID 1484 wrote to memory of 1748	1484	31f59b66817a0fe7c2369812ba68fdb9a5b7e0a7c527cb0fa04cf02ba7197bc7.exe	27

C:\Users\Admin\AppData\Local\Temp\31f59b66817a0fe7c2369812ba68fdb9a5b7e0a7c527cb0fa04cf02ba7197bc7.exe
"C:\Users\Admin\AppData\Local\Temp\31f59b66817a0fe7c2369812ba68fdb9a5b7e0a7c527cb0fa04cf02ba7197bc7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1484
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 88
  2⤵
  - Program crash
  PID:1748