36a3ddf37a6b699bb51e1a0688f649c8a2e522bc7ce4d876bd7fddd572cc8b3f

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 18:48

Target

36a3ddf37a6b699bb51e1a0688f649c8a2e522bc7ce4d876bd7fddd572cc8b3f.exe
Size

89KB
MD5

e53ea613d3d97469b3db3dddbb2acb78
SHA1

440273a06bd3ccea9cc0f34b1c655e4530aa4095
SHA256

36a3ddf37a6b699bb51e1a0688f649c8a2e522bc7ce4d876bd7fddd572cc8b3f
SHA512

6d808137a7329ab3cdf3f13feb1e8838ada0421a66cfed0deba9f7d2865bf6fc4c20a363def971d9c3d41fb4d854e7ebd52f94d6c0b3acbd52a21255b6ca9793
SSDEEP

1536:2RfUmDYFcjt+zkJetFdDGY/oTR8QOT9888888888888W88888888888Bv:2RfUmDhdwVGYeRc9888888888888W88c

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
888	1528	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 888	1528	36a3ddf37a6b699bb51e1a0688f649c8a2e522bc7ce4d876bd7fddd572cc8b3f.exe	28
PID 1528 wrote to memory of 888	1528	36a3ddf37a6b699bb51e1a0688f649c8a2e522bc7ce4d876bd7fddd572cc8b3f.exe	28
PID 1528 wrote to memory of 888	1528	36a3ddf37a6b699bb51e1a0688f649c8a2e522bc7ce4d876bd7fddd572cc8b3f.exe	28
PID 1528 wrote to memory of 888	1528	36a3ddf37a6b699bb51e1a0688f649c8a2e522bc7ce4d876bd7fddd572cc8b3f.exe	28

C:\Users\Admin\AppData\Local\Temp\36a3ddf37a6b699bb51e1a0688f649c8a2e522bc7ce4d876bd7fddd572cc8b3f.exe
"C:\Users\Admin\AppData\Local\Temp\36a3ddf37a6b699bb51e1a0688f649c8a2e522bc7ce4d876bd7fddd572cc8b3f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 132
  2⤵
  - Program crash
  PID:888