f26cf43537840382d2b327515c245c7c29d8eb44f77bd040de4ea62eda8786db

Analysis

max time kernel
2s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
28-11-2022 04:41

Target

f26cf43537840382d2b327515c245c7c29d8eb44f77bd040de4ea62eda8786db.exe
Size

100KB
MD5

6b0b6ae2aeb03a1cb962b5ed690a5132
SHA1

fed03c88c7aec596c8bcca408097d847ee6ece9d
SHA256

f26cf43537840382d2b327515c245c7c29d8eb44f77bd040de4ea62eda8786db
SHA512

37afa1c0c7f3370e8540bb10a8bce0d35c30b1ae7eb07636ab914e29ede089b60f29e04a20cd9355043a1b7571940ef274ab99ab09373edaaa5cfb8551d5203b
SSDEEP

1536:czERHsg4SCnuG4sUKBuj9VQWbMRruXFGEyeWWT9ccVaK0A59GgxsE/U6AZWAVJaC:WlDWbMpu1GEyex9AXA5lO6OYobePUUWz

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1512	1552	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1552 wrote to memory of 1512	1552	f26cf43537840382d2b327515c245c7c29d8eb44f77bd040de4ea62eda8786db.exe	28
PID 1552 wrote to memory of 1512	1552	f26cf43537840382d2b327515c245c7c29d8eb44f77bd040de4ea62eda8786db.exe	28
PID 1552 wrote to memory of 1512	1552	f26cf43537840382d2b327515c245c7c29d8eb44f77bd040de4ea62eda8786db.exe	28
PID 1552 wrote to memory of 1512	1552	f26cf43537840382d2b327515c245c7c29d8eb44f77bd040de4ea62eda8786db.exe	28

C:\Users\Admin\AppData\Local\Temp\f26cf43537840382d2b327515c245c7c29d8eb44f77bd040de4ea62eda8786db.exe
"C:\Users\Admin\AppData\Local\Temp\f26cf43537840382d2b327515c245c7c29d8eb44f77bd040de4ea62eda8786db.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 88
  2⤵
  - Program crash
  PID:1512