dd909cc20ed414abc5e8e883b9a575dd225580ff9ade585fdd669f3cdc960ef4

Analysis

max time kernel
4s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 04:33

Target

dd909cc20ed414abc5e8e883b9a575dd225580ff9ade585fdd669f3cdc960ef4.exe
Size

8KB
MD5

778664ffcd8c5c5eb7c39833c6fa2bc5
SHA1

1603ee5952c3c2ac20e00d91c97b7ee56ee4721f
SHA256

dd909cc20ed414abc5e8e883b9a575dd225580ff9ade585fdd669f3cdc960ef4
SHA512

aef5d01b45ebfd4d009a73e9b437e9a666b2a502f910debcb577a283abc678217491eb8f9606c2c14ad27a13fda9ddbb9a4c57f9289a491f843a5235d31a1dd9
SSDEEP

192:TUmGA+YW0Qa/t8WCYwaCdxLT59d1MwbK3XYxIgAmT+Wr:TUmG27z/eFYwaI5T5L8IxIgA6x

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1776	1780	WerFault.exe	17

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 1776	1780	dd909cc20ed414abc5e8e883b9a575dd225580ff9ade585fdd669f3cdc960ef4.exe	28
PID 1780 wrote to memory of 1776	1780	dd909cc20ed414abc5e8e883b9a575dd225580ff9ade585fdd669f3cdc960ef4.exe	28
PID 1780 wrote to memory of 1776	1780	dd909cc20ed414abc5e8e883b9a575dd225580ff9ade585fdd669f3cdc960ef4.exe	28
PID 1780 wrote to memory of 1776	1780	dd909cc20ed414abc5e8e883b9a575dd225580ff9ade585fdd669f3cdc960ef4.exe	28

C:\Users\Admin\AppData\Local\Temp\dd909cc20ed414abc5e8e883b9a575dd225580ff9ade585fdd669f3cdc960ef4.exe
"C:\Users\Admin\AppData\Local\Temp\dd909cc20ed414abc5e8e883b9a575dd225580ff9ade585fdd669f3cdc960ef4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 36
  2⤵
  - Program crash
  PID:1776