e6ed20151677a7041abf7f9f6e34e96935896044a6d4ce7905b5a9d7a67843b4

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 13:55

Target

e6ed20151677a7041abf7f9f6e34e96935896044a6d4ce7905b5a9d7a67843b4.exe
Size

158KB
MD5

102ec32d232a3f04aed896632f8a3a19
SHA1

f5988a4aec0818b4f846e3c87d61250095fd255c
SHA256

e6ed20151677a7041abf7f9f6e34e96935896044a6d4ce7905b5a9d7a67843b4
SHA512

fc4de6a8bdee054ed1d96f60834bb3aaa09a4edeed04f4386529a52433946122d0cc74caceb552acd2ab929a14b4680299117a7aa91965711d75b8d06f677462
SSDEEP

3072:+dslef2IizJHNggKbOjV0pS/IFV3lbNaYIptb2LCE0cs45zrIQf:+dslOgK3ZpjI/b2Lh0c9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2004	948	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 2004	948	e6ed20151677a7041abf7f9f6e34e96935896044a6d4ce7905b5a9d7a67843b4.exe	28
PID 948 wrote to memory of 2004	948	e6ed20151677a7041abf7f9f6e34e96935896044a6d4ce7905b5a9d7a67843b4.exe	28
PID 948 wrote to memory of 2004	948	e6ed20151677a7041abf7f9f6e34e96935896044a6d4ce7905b5a9d7a67843b4.exe	28
PID 948 wrote to memory of 2004	948	e6ed20151677a7041abf7f9f6e34e96935896044a6d4ce7905b5a9d7a67843b4.exe	28

C:\Users\Admin\AppData\Local\Temp\e6ed20151677a7041abf7f9f6e34e96935896044a6d4ce7905b5a9d7a67843b4.exe
"C:\Users\Admin\AppData\Local\Temp\e6ed20151677a7041abf7f9f6e34e96935896044a6d4ce7905b5a9d7a67843b4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 68
  2⤵
  - Program crash
  PID:2004