bcfa3a24c488b71f36b9443184240e59c1b80dee4b5987eb35d5117c4bf9e62f

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
05-11-2023 16:40

Target

bcfa3a24c488b71f36b9443184240e59c1b80dee4b5987eb35d5117c4bf9e62f.exe
Size

456KB
MD5

3412d6a5bec77793cf199cf2f2886a43
SHA1

604fa197356ed9d52173ff1a3f150fec883db6fb
SHA256

bcfa3a24c488b71f36b9443184240e59c1b80dee4b5987eb35d5117c4bf9e62f
SHA512

1be0ef6648fbf1c8b61860230c887da99213f2e64ada6c6a1b214dbe32e7ada4a385ead1b65a2d6457854fb18145bde381ae535d3ad30b6b75b504be8f21667d
SSDEEP

12288:Yz/A958v6/KestdGZXByT9C2hEAx9vsX9rWtH:Ys9ZdUdGZxyZCsLs1WtH

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2316	2888	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2316	2888	bcfa3a24c488b71f36b9443184240e59c1b80dee4b5987eb35d5117c4bf9e62f.exe	28
PID 2888 wrote to memory of 2316	2888	bcfa3a24c488b71f36b9443184240e59c1b80dee4b5987eb35d5117c4bf9e62f.exe	28
PID 2888 wrote to memory of 2316	2888	bcfa3a24c488b71f36b9443184240e59c1b80dee4b5987eb35d5117c4bf9e62f.exe	28
PID 2888 wrote to memory of 2316	2888	bcfa3a24c488b71f36b9443184240e59c1b80dee4b5987eb35d5117c4bf9e62f.exe	28

C:\Users\Admin\AppData\Local\Temp\bcfa3a24c488b71f36b9443184240e59c1b80dee4b5987eb35d5117c4bf9e62f.exe
"C:\Users\Admin\AppData\Local\Temp\bcfa3a24c488b71f36b9443184240e59c1b80dee4b5987eb35d5117c4bf9e62f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 96
  2⤵
  - Program crash
  PID:2316