d230c9e3c9c4619bc903a77330148301c3268a7b43078e5341169eef7cea026a

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
16/12/2022, 04:24

Target

d230c9e3c9c4619bc903a77330148301c3268a7b43078e5341169eef7cea026a.exe
Size

88KB
MD5

22cef2b2c78a427d90556596aae1b53e
SHA1

24d94e36148aca01a5f02aab8862a08c4a57cb61
SHA256

d230c9e3c9c4619bc903a77330148301c3268a7b43078e5341169eef7cea026a
SHA512

0b00ce51c656309447179411b6b199852ebe1439429f00fce33e4c3357757c67f2869a9e9da9e4effddb30d4ef23966d71e488e9c71903545704f9a8f318aadf
SSDEEP

1536:N+2/XWuTGim9RcUb0ecy1u8psd9xtKa7ZAA08PrbfYIQ:Y9m8psRtKaVAgDBQ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1400	1204	WerFault.exe	22

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 1400	1204	d230c9e3c9c4619bc903a77330148301c3268a7b43078e5341169eef7cea026a.exe	28
PID 1204 wrote to memory of 1400	1204	d230c9e3c9c4619bc903a77330148301c3268a7b43078e5341169eef7cea026a.exe	28
PID 1204 wrote to memory of 1400	1204	d230c9e3c9c4619bc903a77330148301c3268a7b43078e5341169eef7cea026a.exe	28
PID 1204 wrote to memory of 1400	1204	d230c9e3c9c4619bc903a77330148301c3268a7b43078e5341169eef7cea026a.exe	28

C:\Users\Admin\AppData\Local\Temp\d230c9e3c9c4619bc903a77330148301c3268a7b43078e5341169eef7cea026a.exe
"C:\Users\Admin\AppData\Local\Temp\d230c9e3c9c4619bc903a77330148301c3268a7b43078e5341169eef7cea026a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 96
  2⤵
  - Program crash
  PID:1400