4155cd552dc2f3e56f32423aaeadb6a9f5ac0c14576d9b1d0d03391b8b11a592

Analysis

max time kernel
165s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:16

Target

4155cd552dc2f3e56f32423aaeadb6a9f5ac0c14576d9b1d0d03391b8b11a592.exe
Size

99KB
MD5

43cf1f3348e6aa533975a021fa055621
SHA1

7a997551427ccb4c5615d920afc103b8ebdc34d9
SHA256

4155cd552dc2f3e56f32423aaeadb6a9f5ac0c14576d9b1d0d03391b8b11a592
SHA512

41b2217e8fa6f25e797240ffb4ffffbd1b3ec2c6b460edc5658ff3a43b8a0de21217417bc1fb4cb3b1393c16362c169c2b0a0d9255105e7d281c45e5a6f3e9ac
SSDEEP

1536:h3A7XPDUAZeig2OHbm0CjbusSCnroMihUA3nceNNeihj3zwziZjvCd1EdMo:h3cPDU8Vg2bLalZgW0iv

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1192 1656 WerFault.exe 4155cd552dc2f3e56f32423aaeadb6a9f5ac0c14576d9b1d0d03391b8b11a592.exe

pid	pid_target	process	target process
1192	1656	WerFault.exe	4155cd552dc2f3e56f32423aaeadb6a9f5ac0c14576d9b1d0d03391b8b11a592.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

4155cd552dc2f3e56f32423aaeadb6a9f5ac0c14576d9b1d0d03391b8b11a592.exe

description	pid	process	target process
PID 1656 wrote to memory of 1192	1656	4155cd552dc2f3e56f32423aaeadb6a9f5ac0c14576d9b1d0d03391b8b11a592.exe	WerFault.exe
PID 1656 wrote to memory of 1192	1656	4155cd552dc2f3e56f32423aaeadb6a9f5ac0c14576d9b1d0d03391b8b11a592.exe	WerFault.exe
PID 1656 wrote to memory of 1192	1656	4155cd552dc2f3e56f32423aaeadb6a9f5ac0c14576d9b1d0d03391b8b11a592.exe	WerFault.exe
PID 1656 wrote to memory of 1192	1656	4155cd552dc2f3e56f32423aaeadb6a9f5ac0c14576d9b1d0d03391b8b11a592.exe	WerFault.exe
PID 1656 wrote to memory of 1192	1656	4155cd552dc2f3e56f32423aaeadb6a9f5ac0c14576d9b1d0d03391b8b11a592.exe	WerFault.exe
PID 1656 wrote to memory of 1192	1656	4155cd552dc2f3e56f32423aaeadb6a9f5ac0c14576d9b1d0d03391b8b11a592.exe	WerFault.exe
PID 1656 wrote to memory of 1192	1656	4155cd552dc2f3e56f32423aaeadb6a9f5ac0c14576d9b1d0d03391b8b11a592.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\4155cd552dc2f3e56f32423aaeadb6a9f5ac0c14576d9b1d0d03391b8b11a592.exe
"C:\Users\Admin\AppData\Local\Temp\4155cd552dc2f3e56f32423aaeadb6a9f5ac0c14576d9b1d0d03391b8b11a592.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 324
2⤵
- Program crash
PID:1192

memory/1192-55-0x0000000000000000-mapping.dmp

Download
memory/1656-54-0x0000000076221000-0x0000000076223000-memory.dmp

Filesize
8KB

Download
memory/1656-56-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1656-57-0x0000000000270000-0x0000000000295000-memory.dmp

Filesize
148KB

Download
memory/1656-58-0x0000000000270000-0x0000000000295000-memory.dmp

Filesize
148KB

Download
memory/1656-59-0x0000000000270000-0x0000000000295000-memory.dmp

Filesize
148KB

Download
memory/1656-60-0x0000000000270000-0x0000000000295000-memory.dmp

Filesize
148KB

Download
memory/1656-61-0x0000000000270000-0x0000000000295000-memory.dmp

Filesize
148KB

Download
memory/1656-62-0x0000000000270000-0x0000000000295000-memory.dmp

Filesize
148KB

Download