a641e69413c37a5d45d683f46dbd7d0b7f55a7544d7bccbdc508546de0df06c8

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 21:28

Target

a641e69413c37a5d45d683f46dbd7d0b7f55a7544d7bccbdc508546de0df06c8.exe
Size

75KB
MD5

4458da4dd409fbd1cc1623f023e6d060
SHA1

677de8246f75c24a6e54ced3d3420be96d9053f6
SHA256

a641e69413c37a5d45d683f46dbd7d0b7f55a7544d7bccbdc508546de0df06c8
SHA512

28cbd978418775507bc0ff54be00ed85356376d5a139107827b203d99edc714ffdc0b237c94eacdef0064d1d68e5a34fb29fcf72d3bd800cad5351870ee12e1e
SSDEEP

1536:q2ovFZgnKEACw3i9pdd0GktwQUyMa6LawzHXFOzTm4I9f7jo4y:qZkKEACHXdhkiQU3wwzH1OY9f7ly

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1160 1720 WerFault.exe a641e69413c37a5d45d683f46dbd7d0b7f55a7544d7bccbdc508546de0df06c8.exe

pid	pid_target	process	target process
1160	1720	WerFault.exe	a641e69413c37a5d45d683f46dbd7d0b7f55a7544d7bccbdc508546de0df06c8.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

a641e69413c37a5d45d683f46dbd7d0b7f55a7544d7bccbdc508546de0df06c8.exe

description	pid	process	target process
PID 1720 wrote to memory of 1160	1720	a641e69413c37a5d45d683f46dbd7d0b7f55a7544d7bccbdc508546de0df06c8.exe	WerFault.exe
PID 1720 wrote to memory of 1160	1720	a641e69413c37a5d45d683f46dbd7d0b7f55a7544d7bccbdc508546de0df06c8.exe	WerFault.exe
PID 1720 wrote to memory of 1160	1720	a641e69413c37a5d45d683f46dbd7d0b7f55a7544d7bccbdc508546de0df06c8.exe	WerFault.exe
PID 1720 wrote to memory of 1160	1720	a641e69413c37a5d45d683f46dbd7d0b7f55a7544d7bccbdc508546de0df06c8.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\a641e69413c37a5d45d683f46dbd7d0b7f55a7544d7bccbdc508546de0df06c8.exe
"C:\Users\Admin\AppData\Local\Temp\a641e69413c37a5d45d683f46dbd7d0b7f55a7544d7bccbdc508546de0df06c8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 200
2⤵
- Program crash
PID:1160

memory/1160-55-0x0000000000000000-mapping.dmp

Download
memory/1720-54-0x00000000765B1000-0x00000000765B3000-memory.dmp

Filesize
8KB

Download
memory/1720-56-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download