a214b699da8b364acdac5c777f8ea37b959d2b1f7480c419fedc4de32ea27c54

Analysis

max time kernel
39s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 06:21

Target

a214b699da8b364acdac5c777f8ea37b959d2b1f7480c419fedc4de32ea27c54.exe
Size

23KB
MD5

0ffafe9aeecc1637f9aff566ff1e4181
SHA1

e1526a5228f026e71c18870bbe027fddde45051a
SHA256

a214b699da8b364acdac5c777f8ea37b959d2b1f7480c419fedc4de32ea27c54
SHA512

7c3e2146dedc885e1be25651512a8f5d5c6536f7440ddc63d57f75b9ee1b616546025e41a330446991e5ce671af05b9734c1a063f7f071149a152ef3d8a40930
SSDEEP

384:80jbz0jF7n2/g2q5n9Bc4lPjTOkcsR7SVFLUpMfzvUp4nTwn5sEJ:pjbzE2E5n9NlPzWIpKDYSTE53

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
916	1848	WerFault.exe	21

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 916	1848	a214b699da8b364acdac5c777f8ea37b959d2b1f7480c419fedc4de32ea27c54.exe	28
PID 1848 wrote to memory of 916	1848	a214b699da8b364acdac5c777f8ea37b959d2b1f7480c419fedc4de32ea27c54.exe	28
PID 1848 wrote to memory of 916	1848	a214b699da8b364acdac5c777f8ea37b959d2b1f7480c419fedc4de32ea27c54.exe	28
PID 1848 wrote to memory of 916	1848	a214b699da8b364acdac5c777f8ea37b959d2b1f7480c419fedc4de32ea27c54.exe	28

C:\Users\Admin\AppData\Local\Temp\a214b699da8b364acdac5c777f8ea37b959d2b1f7480c419fedc4de32ea27c54.exe
"C:\Users\Admin\AppData\Local\Temp\a214b699da8b364acdac5c777f8ea37b959d2b1f7480c419fedc4de32ea27c54.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 36
  2⤵
  - Program crash
  PID:916