bd777288bfe8702e730bf458ddfcde47a2a9b8456dbc079a3b27159e809f0e37

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
30/08/2023, 19:33

Target

bd777288bfe8702e730bf458ddfcde47a2a9b8456dbc079a3b27159e809f0e37.exe
Size

6KB
MD5

ccc97fa2133e7c9f134cafe80cfd45f6
SHA1

283ed680a9ad0d9a455a647e0c0146f59dff78d6
SHA256

bd777288bfe8702e730bf458ddfcde47a2a9b8456dbc079a3b27159e809f0e37
SHA512

36a7bf16dcc90be033c6c0c2658072d52fff790031003b99b3082fe5c76a2142d54b41657a7e8af0adaba381f7568833e9ea35ee0c102f211e4df42dbe732710
SSDEEP

48:Ssbt0S4FVgCp471Ib4Fc/38+N7DYocHa23WlTpebVetFygFI5a2oxdVoZiG/9uEO:V0mIGnFc/38+N4ZHJWSY9FI5WqFx

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2512	2772	WerFault.exe	15

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2512	2772	bd777288bfe8702e730bf458ddfcde47a2a9b8456dbc079a3b27159e809f0e37.exe	28
PID 2772 wrote to memory of 2512	2772	bd777288bfe8702e730bf458ddfcde47a2a9b8456dbc079a3b27159e809f0e37.exe	28
PID 2772 wrote to memory of 2512	2772	bd777288bfe8702e730bf458ddfcde47a2a9b8456dbc079a3b27159e809f0e37.exe	28

C:\Users\Admin\AppData\Local\Temp\bd777288bfe8702e730bf458ddfcde47a2a9b8456dbc079a3b27159e809f0e37.exe
"C:\Users\Admin\AppData\Local\Temp\bd777288bfe8702e730bf458ddfcde47a2a9b8456dbc079a3b27159e809f0e37.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2772 -s 32
  2⤵
  - Program crash
  PID:2512