d0fa6db9b49712229d63111ace4d1980c61d0409d91af23945252a49d34b98b9

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 03:27

Target

d0fa6db9b49712229d63111ace4d1980c61d0409d91af23945252a49d34b98b9.exe
Size

782KB
MD5

3688f8d0a2a06a2766e5c1fa3af0fe3a
SHA1

bb274a4df2d6ca87962e4adeaabb1a2a8fc7019f
SHA256

d0fa6db9b49712229d63111ace4d1980c61d0409d91af23945252a49d34b98b9
SHA512

b1a923dbc3be430ed6d30a6c8cc4c17b67b09ae0c8668f0ba73e3a02d1e6ebccede32ced1aea4cd48e910e812f898a45539d934598c7af4a6c239670c1199d7b
SSDEEP

12288:q/x6eupBHuhReiETAFpen/8dWHmVPlZfvBnRTg9FSZg44CetgrwGTFCr:qZ6eGZoScFp+aO0lZ3oFJ7nG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1568	968	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 1568	968	d0fa6db9b49712229d63111ace4d1980c61d0409d91af23945252a49d34b98b9.exe	27
PID 968 wrote to memory of 1568	968	d0fa6db9b49712229d63111ace4d1980c61d0409d91af23945252a49d34b98b9.exe	27
PID 968 wrote to memory of 1568	968	d0fa6db9b49712229d63111ace4d1980c61d0409d91af23945252a49d34b98b9.exe	27
PID 968 wrote to memory of 1568	968	d0fa6db9b49712229d63111ace4d1980c61d0409d91af23945252a49d34b98b9.exe	27

C:\Users\Admin\AppData\Local\Temp\d0fa6db9b49712229d63111ace4d1980c61d0409d91af23945252a49d34b98b9.exe
"C:\Users\Admin\AppData\Local\Temp\d0fa6db9b49712229d63111ace4d1980c61d0409d91af23945252a49d34b98b9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:968
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 192
  2⤵
  - Program crash
  PID:1568