835acff87c3dd2c2f3a17650f3fbe06c6b0ac00851c490f2683e1f4e5bc9a4e7

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/02/2024, 16:32

Target

835acff87c3dd2c2f3a17650f3fbe06c6b0ac00851c490f2683e1f4e5bc9a4e7.exe
Size

5KB
MD5

2cc73ff5483d013d6880cf54ac92b05c
SHA1

2795dd3575905e594888fae5f012f7b648f45fa2
SHA256

835acff87c3dd2c2f3a17650f3fbe06c6b0ac00851c490f2683e1f4e5bc9a4e7
SHA512

570d29175df0a665df305f4dc40ff48573df28895211898dba89cbcb36cefcd2dd59cadf30fc7a38d605934fff21e13ed7664d2e635837b26965a786de92f388
SSDEEP

48:SBqlXWFPpT+dXVfzZh4yMGcKzMEkTaak4PAZivO2pB42pBdvMZL2R7tMRuqSxp:xWLkFfNnOKYloIQ2pm2pbYSYxE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2196	1944	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 2196	1944	835acff87c3dd2c2f3a17650f3fbe06c6b0ac00851c490f2683e1f4e5bc9a4e7.exe	28
PID 1944 wrote to memory of 2196	1944	835acff87c3dd2c2f3a17650f3fbe06c6b0ac00851c490f2683e1f4e5bc9a4e7.exe	28
PID 1944 wrote to memory of 2196	1944	835acff87c3dd2c2f3a17650f3fbe06c6b0ac00851c490f2683e1f4e5bc9a4e7.exe	28
PID 1944 wrote to memory of 2196	1944	835acff87c3dd2c2f3a17650f3fbe06c6b0ac00851c490f2683e1f4e5bc9a4e7.exe	28

C:\Users\Admin\AppData\Local\Temp\835acff87c3dd2c2f3a17650f3fbe06c6b0ac00851c490f2683e1f4e5bc9a4e7.exe
"C:\Users\Admin\AppData\Local\Temp\835acff87c3dd2c2f3a17650f3fbe06c6b0ac00851c490f2683e1f4e5bc9a4e7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 48
  2⤵
  - Program crash
  PID:2196