bb0cdb072d57a379813386d60d4c49addedf36997983ffe8873a6563eba94acc

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
15/07/2023, 13:42

Target

bb0cdb072d57a379813386d60d4c49addedf36997983ffe8873a6563eba94acc.exe
Size

462KB
MD5

976b0ffacf02090a6acd9d0fb366d016
SHA1

b72464b85d691a7f73b18f69187517bbf7cee57e
SHA256

bb0cdb072d57a379813386d60d4c49addedf36997983ffe8873a6563eba94acc
SHA512

d2d02520d7f8ecc6decaf858a2edeb1571c9b4d760ec080042ecbabd8510155dcd2a056d447a8e54232dce0bb27791c000c34edb297febaf235e0adc119f3614
SSDEEP

12288:KsPQamysBzFl7iP23mnAH9+F1CNeQ3b5nPz:TIW23yAHsaeQ3b5r

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1936	1400	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 1936	1400	bb0cdb072d57a379813386d60d4c49addedf36997983ffe8873a6563eba94acc.exe	29
PID 1400 wrote to memory of 1936	1400	bb0cdb072d57a379813386d60d4c49addedf36997983ffe8873a6563eba94acc.exe	29
PID 1400 wrote to memory of 1936	1400	bb0cdb072d57a379813386d60d4c49addedf36997983ffe8873a6563eba94acc.exe	29

C:\Users\Admin\AppData\Local\Temp\bb0cdb072d57a379813386d60d4c49addedf36997983ffe8873a6563eba94acc.exe
"C:\Users\Admin\AppData\Local\Temp\bb0cdb072d57a379813386d60d4c49addedf36997983ffe8873a6563eba94acc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1400 -s 36
  2⤵
  - Program crash
  PID:1936