afda287311936448d91c4f903c75c077b2241eef97c3987aba9496f7b3503d9f

Analysis

max time kernel
247s
max time network
332s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 17:01

Target

afda287311936448d91c4f903c75c077b2241eef97c3987aba9496f7b3503d9f.exe
Size

119KB
MD5

df402bac830c3e416d2324c22be54e82
SHA1

0bc1bc1df75843b2ff00a2092c51fc0593cf9f7d
SHA256

afda287311936448d91c4f903c75c077b2241eef97c3987aba9496f7b3503d9f
SHA512

5f6d0203b775963778943d16e67e19a2c8a546ab576d2c3ddce38463dd366458c837cb73082aadef3439bb683663aa89d0600c76edc2809062a5b7b3e29b9918
SSDEEP

768:eAljE5n8/bn+Kwhlr8HnxhW5sk1jtf2vfv6n5:u5neEhlcTW5sk1jtf2Xv

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1240	700	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 700 wrote to memory of 1240	700	afda287311936448d91c4f903c75c077b2241eef97c3987aba9496f7b3503d9f.exe	28
PID 700 wrote to memory of 1240	700	afda287311936448d91c4f903c75c077b2241eef97c3987aba9496f7b3503d9f.exe	28
PID 700 wrote to memory of 1240	700	afda287311936448d91c4f903c75c077b2241eef97c3987aba9496f7b3503d9f.exe	28
PID 700 wrote to memory of 1240	700	afda287311936448d91c4f903c75c077b2241eef97c3987aba9496f7b3503d9f.exe	28

C:\Users\Admin\AppData\Local\Temp\afda287311936448d91c4f903c75c077b2241eef97c3987aba9496f7b3503d9f.exe
"C:\Users\Admin\AppData\Local\Temp\afda287311936448d91c4f903c75c077b2241eef97c3987aba9496f7b3503d9f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:700
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 36
  2⤵
  - Program crash
  PID:1240