39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c

Analysis

max time kernel
28s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 16:55

Target

39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe
Size

1020KB
MD5

4565d0318c38be9d62247d439fc1db70
SHA1

49f5d9b5b3274940c9b19ca14a65e73045139309
SHA256

39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c
SHA512

b9dda4f71fd810c211a05370d3e90808ec0edfb5af2d2e8a2261830365acf5a357e4e140af15ae337109073d1a917016186465f8ac75f8a835530b0e8d33b401
SSDEEP

3072:CVSJfUMjGtt01aOv5vvWE0B4/9LwRxU68sDA1Aoch/NDIsQZOxkAHoqY+UkOMOFn:CVCnXv5vulBY9o9DWGJRW8Ihzo0naG9

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1912 1020 WerFault.exe 39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe

pid	pid_target	process	target process
1912	1020	WerFault.exe	39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe

description	pid	process	target process
PID 1020 wrote to memory of 1912	1020	39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe	WerFault.exe
PID 1020 wrote to memory of 1912	1020	39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe	WerFault.exe
PID 1020 wrote to memory of 1912	1020	39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe	WerFault.exe
PID 1020 wrote to memory of 1912	1020	39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe
"C:\Users\Admin\AppData\Local\Temp\39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 148
2⤵
- Program crash
PID:1912

memory/1020-55-0x0000000000400000-0x0000000000500000-memory.dmp

Filesize
1024KB

Download
memory/1912-54-0x0000000000000000-mapping.dmp

Download