542fd3df85c65c9b2640f5e6a6c1414dd1a5d848f8f47c2dea15063e4f8bf3de

Analysis

max time kernel
10s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 18:59

Target

542fd3df85c65c9b2640f5e6a6c1414dd1a5d848f8f47c2dea15063e4f8bf3de.exe
Size

74KB
MD5

4fd36a9ed9aed0eb1cd7f45e2e4b069a
SHA1

8a217ea72f978e560458bd3f9eac3584e739c25d
SHA256

542fd3df85c65c9b2640f5e6a6c1414dd1a5d848f8f47c2dea15063e4f8bf3de
SHA512

801ebdfa898a833975a7cf7f7b60c8feff7f2c7a67b52075cf7cb43e18bdf6fd27abf0db213b404c73ff14dd04e81f7e905509d700d58a939df547e165148f0b
SSDEEP

768:/Zx9fvq5n0p/tNm2XBwOS5nC6mraP4Z6gTYfsQN5hrt0l/4wsiHoCPHCI7yIYm5K:/Zxtm22O62fTYU0t0l5snRJluK

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

272 2012 WerFault.exe 542fd3df85c65c9b2640f5e6a6c1414dd1a5d848f8f47c2dea15063e4f8bf3de.exe

pid	pid_target	process	target process
272	2012	WerFault.exe	542fd3df85c65c9b2640f5e6a6c1414dd1a5d848f8f47c2dea15063e4f8bf3de.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

542fd3df85c65c9b2640f5e6a6c1414dd1a5d848f8f47c2dea15063e4f8bf3de.exe

description	pid	process	target process
PID 2012 wrote to memory of 272	2012	542fd3df85c65c9b2640f5e6a6c1414dd1a5d848f8f47c2dea15063e4f8bf3de.exe	WerFault.exe
PID 2012 wrote to memory of 272	2012	542fd3df85c65c9b2640f5e6a6c1414dd1a5d848f8f47c2dea15063e4f8bf3de.exe	WerFault.exe
PID 2012 wrote to memory of 272	2012	542fd3df85c65c9b2640f5e6a6c1414dd1a5d848f8f47c2dea15063e4f8bf3de.exe	WerFault.exe
PID 2012 wrote to memory of 272	2012	542fd3df85c65c9b2640f5e6a6c1414dd1a5d848f8f47c2dea15063e4f8bf3de.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\542fd3df85c65c9b2640f5e6a6c1414dd1a5d848f8f47c2dea15063e4f8bf3de.exe
"C:\Users\Admin\AppData\Local\Temp\542fd3df85c65c9b2640f5e6a6c1414dd1a5d848f8f47c2dea15063e4f8bf3de.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 148
2⤵
- Program crash
PID:272

memory/272-55-0x0000000000000000-mapping.dmp

Download
memory/2012-54-0x0000000000400000-0x000000000041290A-memory.dmp

Filesize
74KB

Download