b7912f673e4a4450ede3c95e16a4c01c55d09d12308e1ff64a48c860844d80e7

Analysis

max time kernel
150s
max time network
196s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 08:00

Target

b7912f673e4a4450ede3c95e16a4c01c55d09d12308e1ff64a48c860844d80e7.exe
Size

158KB
MD5

506a6310164dcb1d7de910edd3038e1f
SHA1

674382a09bdd98863ef26a4f3c9df51af914e9ad
SHA256

b7912f673e4a4450ede3c95e16a4c01c55d09d12308e1ff64a48c860844d80e7
SHA512

8bcc51ed6edd2090dc6acd76880e53f0c2cbe98887756069572c2a74e67861f9d9daa9be8393187237ea8630aed76df1a58809b4aa588f417566a39d378a416f
SSDEEP

3072:AEVbl7t7UX5YIjfdyZ92Qs7/cnfgb4PthgvmQE4Tg3AgSmrsFyaI:ZVbl7mXZjfdpkfDgvfFe/g

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4248	1332	WerFault.exe	81
3124	1332	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 4248	1332	b7912f673e4a4450ede3c95e16a4c01c55d09d12308e1ff64a48c860844d80e7.exe	83
PID 1332 wrote to memory of 4248	1332	b7912f673e4a4450ede3c95e16a4c01c55d09d12308e1ff64a48c860844d80e7.exe	83
PID 1332 wrote to memory of 4248	1332	b7912f673e4a4450ede3c95e16a4c01c55d09d12308e1ff64a48c860844d80e7.exe	83

C:\Users\Admin\AppData\Local\Temp\b7912f673e4a4450ede3c95e16a4c01c55d09d12308e1ff64a48c860844d80e7.exe
"C:\Users\Admin\AppData\Local\Temp\b7912f673e4a4450ede3c95e16a4c01c55d09d12308e1ff64a48c860844d80e7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 308
  2⤵
  - Program crash
  PID:4248
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 308
  2⤵
  - Program crash
  PID:3124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1332 -ip 1332
1⤵
PID:972