abdf3434d9b4f2e20ba16201b4542a3545c0e340b831d161df210ce3642667f8

Analysis

max time kernel
31s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
07/12/2022, 03:24

Target

abdf3434d9b4f2e20ba16201b4542a3545c0e340b831d161df210ce3642667f8.exe
Size

121KB
MD5

4dcde0032902aaa23e7b1fb2e97e7294
SHA1

58eb88a34cded6b32aa046cb2e46a241d475c113
SHA256

abdf3434d9b4f2e20ba16201b4542a3545c0e340b831d161df210ce3642667f8
SHA512

a43d99bf633733631efe81428f616f17cd9baecc6f8b76398533dcb0d48cea7c75b3a5a2610c8f19eef29083918b61f3d363773070059fcf11caf37d2ed9e5db
SSDEEP

3072:nBR3akobAZQ1cogUI2pdwlsV1jvPM6nTmr:nr342GjI2p6ALPrnTm

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
572	1696	WerFault.exe	17

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 572	1696	abdf3434d9b4f2e20ba16201b4542a3545c0e340b831d161df210ce3642667f8.exe	28
PID 1696 wrote to memory of 572	1696	abdf3434d9b4f2e20ba16201b4542a3545c0e340b831d161df210ce3642667f8.exe	28
PID 1696 wrote to memory of 572	1696	abdf3434d9b4f2e20ba16201b4542a3545c0e340b831d161df210ce3642667f8.exe	28
PID 1696 wrote to memory of 572	1696	abdf3434d9b4f2e20ba16201b4542a3545c0e340b831d161df210ce3642667f8.exe	28

C:\Users\Admin\AppData\Local\Temp\abdf3434d9b4f2e20ba16201b4542a3545c0e340b831d161df210ce3642667f8.exe
"C:\Users\Admin\AppData\Local\Temp\abdf3434d9b4f2e20ba16201b4542a3545c0e340b831d161df210ce3642667f8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 92
  2⤵
  - Program crash
  PID:572