45c99f418c425bc85706f6a76212d8caa260880403acefabf3c768e2c60ccf3c

Analysis

max time kernel
5s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 11:23

Target

45c99f418c425bc85706f6a76212d8caa260880403acefabf3c768e2c60ccf3c.exe
Size

67KB
MD5

c4fe6f3e3723655f8c5e4119466489f3
SHA1

aaea01889976744fdce4fea3460ef4a83647c19a
SHA256

45c99f418c425bc85706f6a76212d8caa260880403acefabf3c768e2c60ccf3c
SHA512

8fd4413e4fa0b8f41d8c097b54255c32fa72d65b40bad99e699a1e3e12fd0e373c62bb3ab9dabee74441b63272cd7637b2bb30aafc90e3694d825896ff3e5262
SSDEEP

1536:9tt/uvGGiHMn1atwv1MVGAEPAdDy7uzBad54Ruh1ZpCBBvC53K:9ttWvuHU1atk1PXuFcxpCBBvC9K

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1792 792 WerFault.exe 45c99f418c425bc85706f6a76212d8caa260880403acefabf3c768e2c60ccf3c.exe

pid	pid_target	process	target process
1792	792	WerFault.exe	45c99f418c425bc85706f6a76212d8caa260880403acefabf3c768e2c60ccf3c.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

45c99f418c425bc85706f6a76212d8caa260880403acefabf3c768e2c60ccf3c.exe

description	pid	process	target process
PID 792 wrote to memory of 1792	792	45c99f418c425bc85706f6a76212d8caa260880403acefabf3c768e2c60ccf3c.exe	WerFault.exe
PID 792 wrote to memory of 1792	792	45c99f418c425bc85706f6a76212d8caa260880403acefabf3c768e2c60ccf3c.exe	WerFault.exe
PID 792 wrote to memory of 1792	792	45c99f418c425bc85706f6a76212d8caa260880403acefabf3c768e2c60ccf3c.exe	WerFault.exe
PID 792 wrote to memory of 1792	792	45c99f418c425bc85706f6a76212d8caa260880403acefabf3c768e2c60ccf3c.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\45c99f418c425bc85706f6a76212d8caa260880403acefabf3c768e2c60ccf3c.exe
"C:\Users\Admin\AppData\Local\Temp\45c99f418c425bc85706f6a76212d8caa260880403acefabf3c768e2c60ccf3c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 36
2⤵
- Program crash
PID:1792

memory/792-54-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1792-55-0x0000000000000000-mapping.dmp

Download