0f94f064fc5fe9b38a51773a18c80b46b8a4a2e3efa0c26443ba3b3f544c79ae

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-02-2024 22:01

Target

87c5565fc7254623178c789e8623f2e1.exe
Size

12KB
MD5

87c5565fc7254623178c789e8623f2e1
SHA1

10bf7be7bac83ccfdabec0337785b058f84adc1c
SHA256

0f94f064fc5fe9b38a51773a18c80b46b8a4a2e3efa0c26443ba3b3f544c79ae
SHA512

e4df7ae9d9926908199aec90c5fde97ba8a732e4f0672c96b6ae1c7df4d420d8418093e24500442a6a3f7304cc7f515cd9e7bebd2ae87f64cff5e64035e6486a
SSDEEP

96:cYBGrFsMSnIDuNXRumwh8dYsIsOKLjyD090W71yQtQKQYQ:cKO6NuZhMBtYi57MQjQYQ

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2632 1768 WerFault.exe 87c5565fc7254623178c789e8623f2e1.exe

pid	pid_target	process	target process
2632	1768	WerFault.exe	87c5565fc7254623178c789e8623f2e1.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

87c5565fc7254623178c789e8623f2e1.exe

description	pid	process	target process
PID 1768 wrote to memory of 2632	1768	87c5565fc7254623178c789e8623f2e1.exe	WerFault.exe
PID 1768 wrote to memory of 2632	1768	87c5565fc7254623178c789e8623f2e1.exe	WerFault.exe
PID 1768 wrote to memory of 2632	1768	87c5565fc7254623178c789e8623f2e1.exe	WerFault.exe
PID 1768 wrote to memory of 2632	1768	87c5565fc7254623178c789e8623f2e1.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\87c5565fc7254623178c789e8623f2e1.exe
"C:\Users\Admin\AppData\Local\Temp\87c5565fc7254623178c789e8623f2e1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 88
2⤵
- Program crash
PID:2632