edf8e923197a28bc3777408f828ae934e3a94d020230d93b04408118908d4222

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
21/11/2023, 11:05

Target

edf8e923197a28bc3777408f828ae934e3a94d020230d93b04408118908d4222.exe
Size

1.6MB
MD5

981548b433b87389e486c12ad948570f
SHA1

faeaf19103f0c8be3ff5ab08d04d439b474dbb95
SHA256

edf8e923197a28bc3777408f828ae934e3a94d020230d93b04408118908d4222
SHA512

add83e3ce0fec3ed90b38e700b23ff8a9838bf68b4e1a10c6305c4e5ee20c4c7c7fce50f7a18a0fdf01a1e3b09f6200edf29b3436f93c87534fd3b4036565b65
SSDEEP

24576:6rRAFAjaODEV0BqVT53xZmAnAG8eNIvITcWFt7GaDbU2giIjjyHFS8gee:i2WjaODyTfqeCvIrFt7VbU2g7jygee

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2192	2108	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2192	2108	edf8e923197a28bc3777408f828ae934e3a94d020230d93b04408118908d4222.exe	28
PID 2108 wrote to memory of 2192	2108	edf8e923197a28bc3777408f828ae934e3a94d020230d93b04408118908d4222.exe	28
PID 2108 wrote to memory of 2192	2108	edf8e923197a28bc3777408f828ae934e3a94d020230d93b04408118908d4222.exe	28
PID 2108 wrote to memory of 2192	2108	edf8e923197a28bc3777408f828ae934e3a94d020230d93b04408118908d4222.exe	28

C:\Users\Admin\AppData\Local\Temp\edf8e923197a28bc3777408f828ae934e3a94d020230d93b04408118908d4222.exe
"C:\Users\Admin\AppData\Local\Temp\edf8e923197a28bc3777408f828ae934e3a94d020230d93b04408118908d4222.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 172
  2⤵
  - Program crash
  PID:2192