8eabe0360145b8727648102d5228a30494df91325330c40432b813926bb20018

Analysis

max time kernel
36s
max time network
78s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 06:44

Target

8eabe0360145b8727648102d5228a30494df91325330c40432b813926bb20018.exe
Size

120KB
MD5

194207fe1c5bcd102b1c790fa1e71cf9
SHA1

d93049b30f82ff04e5f5edec5070b2444cb4da8f
SHA256

8eabe0360145b8727648102d5228a30494df91325330c40432b813926bb20018
SHA512

6cbf91c64e0d99a3c35d76de74e168a204805288cb02b4a4a387845c8bfae216d4ab828327098f6b2eb7b345f1e1800a654a91281821755b33fd88517f7536e8
SSDEEP

768:trVROfNmqX7TeLe17o4Rnc0V0W0CrVROfNm+ugF9C2iQvcXMZBex:trK77qYpc0VZPrKhRi6cXMZQ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1880	1976	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 1880	1976	8eabe0360145b8727648102d5228a30494df91325330c40432b813926bb20018.exe	26
PID 1976 wrote to memory of 1880	1976	8eabe0360145b8727648102d5228a30494df91325330c40432b813926bb20018.exe	26
PID 1976 wrote to memory of 1880	1976	8eabe0360145b8727648102d5228a30494df91325330c40432b813926bb20018.exe	26
PID 1976 wrote to memory of 1880	1976	8eabe0360145b8727648102d5228a30494df91325330c40432b813926bb20018.exe	26

C:\Users\Admin\AppData\Local\Temp\8eabe0360145b8727648102d5228a30494df91325330c40432b813926bb20018.exe
"C:\Users\Admin\AppData\Local\Temp\8eabe0360145b8727648102d5228a30494df91325330c40432b813926bb20018.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 36
  2⤵
  - Program crash
  PID:1880