ba30b7c4d83903b3b11aaaf8119eb3e5f523c9730420981381db1b9f5e618eea

Analysis

max time kernel
38s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23/11/2022, 22:08

Target

ba30b7c4d83903b3b11aaaf8119eb3e5f523c9730420981381db1b9f5e618eea.exe
Size

233KB
MD5

42ca7e1b273eeabcd6166a06a83fbd60
SHA1

59cd7e45339158d994fd6a7ac37b28c6e4ddf452
SHA256

ba30b7c4d83903b3b11aaaf8119eb3e5f523c9730420981381db1b9f5e618eea
SHA512

1d550bec8fff068e308b9d63d73f4f9cdc0da2f2353abc0dfd6c0576bc970bbcdfefbcf12e53e58a6aa23716867f5d3ca36af38b573871260f11441c61ec5082
SSDEEP

6144:3yLwCwV8w3y/i/PBrE8PsDfxc9skZerJTuN:3ypOtBrE8Yf5kw

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1892	1160	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 1892	1160	ba30b7c4d83903b3b11aaaf8119eb3e5f523c9730420981381db1b9f5e618eea.exe	26
PID 1160 wrote to memory of 1892	1160	ba30b7c4d83903b3b11aaaf8119eb3e5f523c9730420981381db1b9f5e618eea.exe	26
PID 1160 wrote to memory of 1892	1160	ba30b7c4d83903b3b11aaaf8119eb3e5f523c9730420981381db1b9f5e618eea.exe	26
PID 1160 wrote to memory of 1892	1160	ba30b7c4d83903b3b11aaaf8119eb3e5f523c9730420981381db1b9f5e618eea.exe	26

C:\Users\Admin\AppData\Local\Temp\ba30b7c4d83903b3b11aaaf8119eb3e5f523c9730420981381db1b9f5e618eea.exe
"C:\Users\Admin\AppData\Local\Temp\ba30b7c4d83903b3b11aaaf8119eb3e5f523c9730420981381db1b9f5e618eea.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 152
  2⤵
  - Program crash
  PID:1892