393b10aac7f59b3d7a146c654a24777d4b48648c3d8b842754de1ba58b1d5490

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-10-2022 03:18

Target

393B10AAC7F59B3D7A146C654A24777D4B48648C3D8B8.exe
Size

419KB
MD5

36199d74da34290f87be389bb6bb9515
SHA1

7d997bf1fc79f9d9cb1a5c47b721a7f1e310a4ff
SHA256

393b10aac7f59b3d7a146c654a24777d4b48648c3d8b842754de1ba58b1d5490
SHA512

7b7dcb98e36fed88e22435832a8dc604845a463ed82058c1cdbe060839f9926d772cc219890a5f55ef2cbf42cc2037f6404840f0124fbdf27e6820e5ec6b272f
SSDEEP

12288:p051XAB4MzIbYyOrCKuBBPcn/txkAWQEho:p+1XAB4wIbfJlcn1xkjh

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

880 1044 WerFault.exe 393B10AAC7F59B3D7A146C654A24777D4B48648C3D8B8.exe

pid	pid_target	process	target process
880	1044	WerFault.exe	393B10AAC7F59B3D7A146C654A24777D4B48648C3D8B8.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

393B10AAC7F59B3D7A146C654A24777D4B48648C3D8B8.exe

description	pid	process	target process
PID 1044 wrote to memory of 880	1044	393B10AAC7F59B3D7A146C654A24777D4B48648C3D8B8.exe	WerFault.exe
PID 1044 wrote to memory of 880	1044	393B10AAC7F59B3D7A146C654A24777D4B48648C3D8B8.exe	WerFault.exe
PID 1044 wrote to memory of 880	1044	393B10AAC7F59B3D7A146C654A24777D4B48648C3D8B8.exe	WerFault.exe
PID 1044 wrote to memory of 880	1044	393B10AAC7F59B3D7A146C654A24777D4B48648C3D8B8.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\393B10AAC7F59B3D7A146C654A24777D4B48648C3D8B8.exe
"C:\Users\Admin\AppData\Local\Temp\393B10AAC7F59B3D7A146C654A24777D4B48648C3D8B8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 540
2⤵
- Program crash
PID:880

memory/880-55-0x0000000000000000-mapping.dmp

Download
memory/1044-54-0x0000000000B40000-0x0000000000BB0000-memory.dmp

Filesize
448KB

Download