ddb0aa14f00f562d9e8a3356fded94ee24d458a6fe11269df63ec6844274e43c

Analysis

max time kernel
18s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
10-04-2023 06:06

Target

1014/a1bc51a927820ad2328796b65ccd80f44d7d51287f9febd7f7dc4fb6d2a38167.exe
Size

137KB
MD5

fea2d33d87a03bf25ae6254378a45f5f
SHA1

33bfff1a0dbe5e4d1dfefbd6a68f31a63af771c1
SHA256

a1bc51a927820ad2328796b65ccd80f44d7d51287f9febd7f7dc4fb6d2a38167
SHA512

000aae3cb32bcf5e306c90df700a520d927292877f6d91501e6c5fa0b87394facf8922b88b9a1fe79be5b16e705e7e0624af018a94808630f872a395bd9a0cf8
SSDEEP

3072:xBiBQROBhUZ+F+XZzlD05wVME57izZxEQvuyM7m0Bnn7mS9z3A8m7:7XRaUoFKZzaCVr7iXuAM3hm7

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1164 1688 WerFault.exe a1bc51a927820ad2328796b65ccd80f44d7d51287f9febd7f7dc4fb6d2a38167.exe

pid	pid_target	process	target process
1164	1688	WerFault.exe	a1bc51a927820ad2328796b65ccd80f44d7d51287f9febd7f7dc4fb6d2a38167.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

a1bc51a927820ad2328796b65ccd80f44d7d51287f9febd7f7dc4fb6d2a38167.exe

description	pid	process	target process
PID 1688 wrote to memory of 1164	1688	a1bc51a927820ad2328796b65ccd80f44d7d51287f9febd7f7dc4fb6d2a38167.exe	WerFault.exe
PID 1688 wrote to memory of 1164	1688	a1bc51a927820ad2328796b65ccd80f44d7d51287f9febd7f7dc4fb6d2a38167.exe	WerFault.exe
PID 1688 wrote to memory of 1164	1688	a1bc51a927820ad2328796b65ccd80f44d7d51287f9febd7f7dc4fb6d2a38167.exe	WerFault.exe
PID 1688 wrote to memory of 1164	1688	a1bc51a927820ad2328796b65ccd80f44d7d51287f9febd7f7dc4fb6d2a38167.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\1014\a1bc51a927820ad2328796b65ccd80f44d7d51287f9febd7f7dc4fb6d2a38167.exe
"C:\Users\Admin\AppData\Local\Temp\1014\a1bc51a927820ad2328796b65ccd80f44d7d51287f9febd7f7dc4fb6d2a38167.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 192
2⤵
- Program crash
PID:1164