b619930b5bff3e1bbeacc1ff5c7fceb33ba5f536588fd9bec967cccf18d7d99a

Analysis

max time kernel
24s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 12:51

Target

b619930b5bff3e1bbeacc1ff5c7fceb33ba5f536588fd9bec967cccf18d7d99a.exe
Size

243KB
MD5

97af7f189a2c1dcee64c08bece12fb62
SHA1

0c0f9f405cab16269770dc10052f8941672d42a0
SHA256

b619930b5bff3e1bbeacc1ff5c7fceb33ba5f536588fd9bec967cccf18d7d99a
SHA512

1bf9e57a4077c1fab5766c463429a101ed1b12601ba347eb336febb76599179a0a8bd94117bb5466fc5b412a52b9629bad3a152efdf4199911018ca1090da33e
SSDEEP

1536:tbT0VzJQrFxnRLbtij7PpyJ01dqOo32YciAS:1T0NJ4FfbQj7PkqdqO3YcK

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
836	964	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 964 wrote to memory of 836	964	b619930b5bff3e1bbeacc1ff5c7fceb33ba5f536588fd9bec967cccf18d7d99a.exe	28
PID 964 wrote to memory of 836	964	b619930b5bff3e1bbeacc1ff5c7fceb33ba5f536588fd9bec967cccf18d7d99a.exe	28
PID 964 wrote to memory of 836	964	b619930b5bff3e1bbeacc1ff5c7fceb33ba5f536588fd9bec967cccf18d7d99a.exe	28
PID 964 wrote to memory of 836	964	b619930b5bff3e1bbeacc1ff5c7fceb33ba5f536588fd9bec967cccf18d7d99a.exe	28

C:\Users\Admin\AppData\Local\Temp\b619930b5bff3e1bbeacc1ff5c7fceb33ba5f536588fd9bec967cccf18d7d99a.exe
"C:\Users\Admin\AppData\Local\Temp\b619930b5bff3e1bbeacc1ff5c7fceb33ba5f536588fd9bec967cccf18d7d99a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 36
  2⤵
  - Program crash
  PID:836