b63f130bb42d0fb68d536c5278fe522c892b428ecc45b06ecdb91c8a062e3509

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 08:32

Target

b63f130bb42d0fb68d536c5278fe522c892b428ecc45b06ecdb91c8a062e3509.exe
Size

24KB
MD5

31e7c8eb6acb8a522098d4dec88285c9
SHA1

2b0223498564e4c8c11214e5a201d1bbada5d3df
SHA256

b63f130bb42d0fb68d536c5278fe522c892b428ecc45b06ecdb91c8a062e3509
SHA512

a53f8835411d17048d8fffdb73e12f01d4fe670b2e48d64828f08f5417a7556fb1ebecd3694824ba5a3a94dae19f81a558fa739f7d4ba6cab72f00ef6bfb44a0
SSDEEP

384:mpo/HQGptXCt1QMMMMMMMMMMMN88888Qb8O0:yoYUy1QMMMMMMMMMMMN88888Q/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
840	1000	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1000 wrote to memory of 840	1000	b63f130bb42d0fb68d536c5278fe522c892b428ecc45b06ecdb91c8a062e3509.exe	27
PID 1000 wrote to memory of 840	1000	b63f130bb42d0fb68d536c5278fe522c892b428ecc45b06ecdb91c8a062e3509.exe	27
PID 1000 wrote to memory of 840	1000	b63f130bb42d0fb68d536c5278fe522c892b428ecc45b06ecdb91c8a062e3509.exe	27
PID 1000 wrote to memory of 840	1000	b63f130bb42d0fb68d536c5278fe522c892b428ecc45b06ecdb91c8a062e3509.exe	27

C:\Users\Admin\AppData\Local\Temp\b63f130bb42d0fb68d536c5278fe522c892b428ecc45b06ecdb91c8a062e3509.exe
"C:\Users\Admin\AppData\Local\Temp\b63f130bb42d0fb68d536c5278fe522c892b428ecc45b06ecdb91c8a062e3509.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 48
  2⤵
  - Program crash
  PID:840