c765b9a26b8a92bf034895b5135412c5d1a423371bfef77e2ec866b8446295c3

Analysis

max time kernel
35s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 05:15

Target

c765b9a26b8a92bf034895b5135412c5d1a423371bfef77e2ec866b8446295c3.exe
Size

345KB
MD5

536c89300188e67d869a859f67464e01
SHA1

aaf63bd9ab445fd44820c40afd731d6e76e1c2dd
SHA256

c765b9a26b8a92bf034895b5135412c5d1a423371bfef77e2ec866b8446295c3
SHA512

b9b3a25f5de0e6d9bdcba29bf67e1c29a9d445bd2cc59998d2feaaab058d6e8c69f768b6b94d36542f1d475c17db49083ebc8c6d10d121e3f937afbf2f0ce232
SSDEEP

6144:8QL31wcm6Eldl4QhL4ko7pnL0aZgY8q1Mlpvf1qJ8d/TYKg/IXE:NrQ6ElBhdKdZgYmfQJ8d/T

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2000	1944	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 2000	1944	c765b9a26b8a92bf034895b5135412c5d1a423371bfef77e2ec866b8446295c3.exe	26
PID 1944 wrote to memory of 2000	1944	c765b9a26b8a92bf034895b5135412c5d1a423371bfef77e2ec866b8446295c3.exe	26
PID 1944 wrote to memory of 2000	1944	c765b9a26b8a92bf034895b5135412c5d1a423371bfef77e2ec866b8446295c3.exe	26
PID 1944 wrote to memory of 2000	1944	c765b9a26b8a92bf034895b5135412c5d1a423371bfef77e2ec866b8446295c3.exe	26

C:\Users\Admin\AppData\Local\Temp\c765b9a26b8a92bf034895b5135412c5d1a423371bfef77e2ec866b8446295c3.exe
"C:\Users\Admin\AppData\Local\Temp\c765b9a26b8a92bf034895b5135412c5d1a423371bfef77e2ec866b8446295c3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 88
  2⤵
  - Program crash
  PID:2000