b8a8060efe4ea74aaa4e1a985d2a65b6c226d48002cb858ec9c0702c1eb89af5

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 13:16

Target

b8a8060efe4ea74aaa4e1a985d2a65b6c226d48002cb858ec9c0702c1eb89af5.exe
Size

507KB
MD5

f63229af7e7918667de2e76daa2a0bfe
SHA1

c6d9ecf38bc49dc47c815971b8b13d98824808ff
SHA256

b8a8060efe4ea74aaa4e1a985d2a65b6c226d48002cb858ec9c0702c1eb89af5
SHA512

4e356ab8ca32d1310391722e81c288e1a5a5f9ed33d9a1115d5f7ed2748a2b88161e96148acd8d00698438a19aa298f949427eac6c4fcf27bb2eff0f53a716eb
SSDEEP

6144:5mmJnGvAtV9W0OcbB1VfMcU8l3XYe+L9kp8anBQNgkTRwDmWoB6CGqOf1H1tsNBS:mvAty0VOH8RYe+LBzNwaWoUg18Jpfd

Score

8^/10

Drops file in Drivers directory 1 IoCs

Processes:

b8a8060efe4ea74aaa4e1a985d2a65b6c226d48002cb858ec9c0702c1eb89af5.exe

description	ioc	process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	b8a8060efe4ea74aaa4e1a985d2a65b6c226d48002cb858ec9c0702c1eb89af5.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1108 1112 WerFault.exe b8a8060efe4ea74aaa4e1a985d2a65b6c226d48002cb858ec9c0702c1eb89af5.exe

pid	pid_target	process	target process
1108	1112	WerFault.exe	b8a8060efe4ea74aaa4e1a985d2a65b6c226d48002cb858ec9c0702c1eb89af5.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

b8a8060efe4ea74aaa4e1a985d2a65b6c226d48002cb858ec9c0702c1eb89af5.exe

description	pid	process	target process
PID 1112 wrote to memory of 1108	1112	b8a8060efe4ea74aaa4e1a985d2a65b6c226d48002cb858ec9c0702c1eb89af5.exe	WerFault.exe
PID 1112 wrote to memory of 1108	1112	b8a8060efe4ea74aaa4e1a985d2a65b6c226d48002cb858ec9c0702c1eb89af5.exe	WerFault.exe
PID 1112 wrote to memory of 1108	1112	b8a8060efe4ea74aaa4e1a985d2a65b6c226d48002cb858ec9c0702c1eb89af5.exe	WerFault.exe
PID 1112 wrote to memory of 1108	1112	b8a8060efe4ea74aaa4e1a985d2a65b6c226d48002cb858ec9c0702c1eb89af5.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\b8a8060efe4ea74aaa4e1a985d2a65b6c226d48002cb858ec9c0702c1eb89af5.exe
"C:\Users\Admin\AppData\Local\Temp\b8a8060efe4ea74aaa4e1a985d2a65b6c226d48002cb858ec9c0702c1eb89af5.exe"
1⤵
- Drops file in Drivers directory
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 188
  2⤵
  - Program crash
  PID:1108