ecc92697f5c1a2b3b0da69964b6603ae67c848b572379cc2a3c0a48c14cee9dc

Analysis

max time kernel
2s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 15:59

Target

ecc92697f5c1a2b3b0da69964b6603ae67c848b572379cc2a3c0a48c14cee9dc.exe
Size

272KB
MD5

5620d477fef3133bef6b1d75657357bd
SHA1

d038dd31fbfc5f9f31467d9b2228620794db3ccd
SHA256

ecc92697f5c1a2b3b0da69964b6603ae67c848b572379cc2a3c0a48c14cee9dc
SHA512

d16374bd7712f39fdee24d74def883b2f563332df8a3dbab2608a3e91152a0690824473556b192a9fe9b9e5302f21bde5f7234ca9e047dbbf479f1cc0e799de8
SSDEEP

384:XS3qeSPPH4S3qeSPPHGWektJDVZTWaHz9eq:EqeWPrqeWPmWBTDVZTPR5

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1992	2028	WerFault.exe	11

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1992	2028	ecc92697f5c1a2b3b0da69964b6603ae67c848b572379cc2a3c0a48c14cee9dc.exe	28
PID 2028 wrote to memory of 1992	2028	ecc92697f5c1a2b3b0da69964b6603ae67c848b572379cc2a3c0a48c14cee9dc.exe	28
PID 2028 wrote to memory of 1992	2028	ecc92697f5c1a2b3b0da69964b6603ae67c848b572379cc2a3c0a48c14cee9dc.exe	28
PID 2028 wrote to memory of 1992	2028	ecc92697f5c1a2b3b0da69964b6603ae67c848b572379cc2a3c0a48c14cee9dc.exe	28

C:\Users\Admin\AppData\Local\Temp\ecc92697f5c1a2b3b0da69964b6603ae67c848b572379cc2a3c0a48c14cee9dc.exe
"C:\Users\Admin\AppData\Local\Temp\ecc92697f5c1a2b3b0da69964b6603ae67c848b572379cc2a3c0a48c14cee9dc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 36
  2⤵
  - Program crash
  PID:1992