801d8c9268b674434047493d5b55b43ca3782d0c1e89d83760a9d02aca8f7882

Analysis

max time kernel
12s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 11:22

Target

801d8c9268b674434047493d5b55b43ca3782d0c1e89d83760a9d02aca8f7882.exe
Size

71KB
MD5

09f8656a25dce3de35a8f7c5dfe0ae4d
SHA1

bf995123b0256175e96b92e5779bbd33a1d9b878
SHA256

801d8c9268b674434047493d5b55b43ca3782d0c1e89d83760a9d02aca8f7882
SHA512

991ea8083c8b989d05a933a8dc9314d814b118234482370c5e4fdfc422db6644743901771a0d04cd532b933426d1ad4809ace142649fb317136c8f64170f4817
SSDEEP

1536:CJ2stRSvXQoKV9AxSCd9XgHwrGs80TLXGXN/LB2yeo93zDJpJiMHo9LEzkAb:CoqSvXQtV+l96wrG30TLXGX9B2yz9DD5

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1348 1336 WerFault.exe 801d8c9268b674434047493d5b55b43ca3782d0c1e89d83760a9d02aca8f7882.exe

pid	pid_target	process	target process
1348	1336	WerFault.exe	801d8c9268b674434047493d5b55b43ca3782d0c1e89d83760a9d02aca8f7882.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

801d8c9268b674434047493d5b55b43ca3782d0c1e89d83760a9d02aca8f7882.exe

description	pid	process	target process
PID 1336 wrote to memory of 1348	1336	801d8c9268b674434047493d5b55b43ca3782d0c1e89d83760a9d02aca8f7882.exe	WerFault.exe
PID 1336 wrote to memory of 1348	1336	801d8c9268b674434047493d5b55b43ca3782d0c1e89d83760a9d02aca8f7882.exe	WerFault.exe
PID 1336 wrote to memory of 1348	1336	801d8c9268b674434047493d5b55b43ca3782d0c1e89d83760a9d02aca8f7882.exe	WerFault.exe
PID 1336 wrote to memory of 1348	1336	801d8c9268b674434047493d5b55b43ca3782d0c1e89d83760a9d02aca8f7882.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\801d8c9268b674434047493d5b55b43ca3782d0c1e89d83760a9d02aca8f7882.exe
"C:\Users\Admin\AppData\Local\Temp\801d8c9268b674434047493d5b55b43ca3782d0c1e89d83760a9d02aca8f7882.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 36
2⤵
- Program crash
PID:1348

memory/1336-55-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1348-54-0x0000000000000000-mapping.dmp

Download