d9f134400d12ae92877e2d4edfc21b158ce6d992624f2bc538dd797c6105d206

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 07:55

Target

d9f134400d12ae92877e2d4edfc21b158ce6d992624f2bc538dd797c6105d206.exe
Size

84KB
MD5

d1409c310d73ceddf1490c184ae14856
SHA1

bf16a54541958ff9b7a0b797b56cb1e41ce9088d
SHA256

d9f134400d12ae92877e2d4edfc21b158ce6d992624f2bc538dd797c6105d206
SHA512

6e4d67d3fb5361bf7110bfdf6c8380bbda1f97879cda4e18a9ef4df531db19e8739b08714fd603191a17c57da9d02a392df77a8205e783151353758f4f32b59c
SSDEEP

1536:iJ0+g8VXj9A1QDLTez3PyFNxZeLqxa+3IXUgAYB1gEfEvKwYwfZ:iC+g8VXjOSa7POxQU73IkCBmWEvKgZ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1952	896	WerFault.exe	18

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 896 wrote to memory of 1952	896	d9f134400d12ae92877e2d4edfc21b158ce6d992624f2bc538dd797c6105d206.exe	28
PID 896 wrote to memory of 1952	896	d9f134400d12ae92877e2d4edfc21b158ce6d992624f2bc538dd797c6105d206.exe	28
PID 896 wrote to memory of 1952	896	d9f134400d12ae92877e2d4edfc21b158ce6d992624f2bc538dd797c6105d206.exe	28
PID 896 wrote to memory of 1952	896	d9f134400d12ae92877e2d4edfc21b158ce6d992624f2bc538dd797c6105d206.exe	28

C:\Users\Admin\AppData\Local\Temp\d9f134400d12ae92877e2d4edfc21b158ce6d992624f2bc538dd797c6105d206.exe
"C:\Users\Admin\AppData\Local\Temp\d9f134400d12ae92877e2d4edfc21b158ce6d992624f2bc538dd797c6105d206.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:896
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 92
  2⤵
  - Program crash
  PID:1952