b0adaaf0affdf6a04b29db623f74030a5b7e43b238f1d51cc720baaa1bb4963f

Analysis

max time kernel
122s
max time network
135s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 07:47

Target

f8b04b38e2c941657114b67a47aee8993a3f0d7e080eeb31fb681bf360546722.exe
Size

404KB
MD5

5351a3b41e9215c5af05580ee1a85ef5
SHA1

2ba5d490f2f8d78e17f978eb72e1480ed1f407ca
SHA256

f8b04b38e2c941657114b67a47aee8993a3f0d7e080eeb31fb681bf360546722
SHA512

bbaee0e96d7f4de6c230cf5a7fb0f6f74a81015ce8d8492bf5904305b079edec7b4d634da84405715710aa3ae5bb1a239c53100818eb12401b87d20b2d78b762
SSDEEP

12288:9OpQST2RhRJR42rqze5wgXLyiMnWO31TRta6G:9OpQSKqNKOg2iMnJ5Rt

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2648	2176	WerFault.exe	9

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2648	2176	f8b04b38e2c941657114b67a47aee8993a3f0d7e080eeb31fb681bf360546722.exe	28
PID 2176 wrote to memory of 2648	2176	f8b04b38e2c941657114b67a47aee8993a3f0d7e080eeb31fb681bf360546722.exe	28
PID 2176 wrote to memory of 2648	2176	f8b04b38e2c941657114b67a47aee8993a3f0d7e080eeb31fb681bf360546722.exe	28
PID 2176 wrote to memory of 2648	2176	f8b04b38e2c941657114b67a47aee8993a3f0d7e080eeb31fb681bf360546722.exe	28

C:\Users\Admin\AppData\Local\Temp\f8b04b38e2c941657114b67a47aee8993a3f0d7e080eeb31fb681bf360546722.exe
"C:\Users\Admin\AppData\Local\Temp\f8b04b38e2c941657114b67a47aee8993a3f0d7e080eeb31fb681bf360546722.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 772
  2⤵
  - Program crash
  PID:2648