093912f00f4f299e857c5a29b4e0fbde549e2430f42487134e82418f8dfd2ef2

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 11:24

Target

093912f00f4f299e857c5a29b4e0fbde549e2430f42487134e82418f8dfd2ef2.exe
Size

66KB
MD5

1bd4a5e463a7d1452c2aa04b3504a2d5
SHA1

2b82364d66a46146493c66b93490183728e96d49
SHA256

093912f00f4f299e857c5a29b4e0fbde549e2430f42487134e82418f8dfd2ef2
SHA512

a80385ebed03be804f297e944e8e01bd5ab8366e51568bd1ce2f80a8e6c8b618614dc5bf0d49149d0a20a6f59ec6d17bca3f3384d8de1cd1082b86ddd027e951
SSDEEP

1536:5376W5GmPFhwdzfIhOtrR0BnbXLg94IyMWqJxxVfBd:530mPF6zvd0bMlUG1fL

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

892 656 WerFault.exe 093912f00f4f299e857c5a29b4e0fbde549e2430f42487134e82418f8dfd2ef2.exe

pid	pid_target	process	target process
892	656	WerFault.exe	093912f00f4f299e857c5a29b4e0fbde549e2430f42487134e82418f8dfd2ef2.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

093912f00f4f299e857c5a29b4e0fbde549e2430f42487134e82418f8dfd2ef2.exe

description	pid	process	target process
PID 656 wrote to memory of 892	656	093912f00f4f299e857c5a29b4e0fbde549e2430f42487134e82418f8dfd2ef2.exe	WerFault.exe
PID 656 wrote to memory of 892	656	093912f00f4f299e857c5a29b4e0fbde549e2430f42487134e82418f8dfd2ef2.exe	WerFault.exe
PID 656 wrote to memory of 892	656	093912f00f4f299e857c5a29b4e0fbde549e2430f42487134e82418f8dfd2ef2.exe	WerFault.exe
PID 656 wrote to memory of 892	656	093912f00f4f299e857c5a29b4e0fbde549e2430f42487134e82418f8dfd2ef2.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\093912f00f4f299e857c5a29b4e0fbde549e2430f42487134e82418f8dfd2ef2.exe
"C:\Users\Admin\AppData\Local\Temp\093912f00f4f299e857c5a29b4e0fbde549e2430f42487134e82418f8dfd2ef2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 36
2⤵
- Program crash
PID:892

memory/656-55-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/892-54-0x0000000000000000-mapping.dmp

Download