a49bd1b74a7a8a570032ba6aaf34044e260fefb2d4012a15f2a2b06abef21fe1

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
03/09/2023, 01:07

Target

8f66a9149d62c7a6c8a5e1256c9343eb.exe
Size

8.7MB
MD5

8f66a9149d62c7a6c8a5e1256c9343eb
SHA1

de0b7cfeff7381d36ac129c4ff3b5684da7c9ba3
SHA256

a49bd1b74a7a8a570032ba6aaf34044e260fefb2d4012a15f2a2b06abef21fe1
SHA512

3b2e86444126d097ed4be61b01efc54d354c42fb163d22270809033e0c79e327e2ad8221f5eef3bb3a05afeda88ad6ed16b78e96c6f1f785a1388e9edad512ba
SSDEEP

196608:3ueZVVizoTMt/XGusECmLeprgLB+S4DGdi5RqtcY3A6U3HlZGQZ4oPp:llizqMxCm6Gtdur5oSx3XGQX

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1948	2196	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 1948	2196	8f66a9149d62c7a6c8a5e1256c9343eb.exe	28
PID 2196 wrote to memory of 1948	2196	8f66a9149d62c7a6c8a5e1256c9343eb.exe	28
PID 2196 wrote to memory of 1948	2196	8f66a9149d62c7a6c8a5e1256c9343eb.exe	28

C:\Users\Admin\AppData\Local\Temp\8f66a9149d62c7a6c8a5e1256c9343eb.exe
"C:\Users\Admin\AppData\Local\Temp\8f66a9149d62c7a6c8a5e1256c9343eb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2196 -s 92
  2⤵
  - Program crash
  PID:1948