a6153b90e8b7cc71673a4a5ba366fe720b5a5c159fe3f381f819c965f3289a91

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 19:04

Target

a6153b90e8b7cc71673a4a5ba366fe720b5a5c159fe3f381f819c965f3289a91.exe
Size

104KB
MD5

4532a1cd94cabca3c0f1e33a626918f0
SHA1

dc9bac9fe342351792d9d65edbc1ba79e7af4719
SHA256

a6153b90e8b7cc71673a4a5ba366fe720b5a5c159fe3f381f819c965f3289a91
SHA512

2e8d520e178faccd05a0b6399b56b74530baaa4c871fd8edaa1fdb034dcf5e79958c071b1168912294152f6c6c14345f499538eb6a6c15429b824b6a40671324
SSDEEP

768:/Bkmw3JIcRfZU9qZU9eADVe61rguZXN8/vM7bkrefb9TqsDYbQ5TM1feJNTK:/B9sImpxAD8GXN+I7fJ+aCl1fey

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1808 1096 WerFault.exe a6153b90e8b7cc71673a4a5ba366fe720b5a5c159fe3f381f819c965f3289a91.exe

pid	pid_target	process	target process
1808	1096	WerFault.exe	a6153b90e8b7cc71673a4a5ba366fe720b5a5c159fe3f381f819c965f3289a91.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

a6153b90e8b7cc71673a4a5ba366fe720b5a5c159fe3f381f819c965f3289a91.exe

description	pid	process	target process
PID 1096 wrote to memory of 1808	1096	a6153b90e8b7cc71673a4a5ba366fe720b5a5c159fe3f381f819c965f3289a91.exe	WerFault.exe
PID 1096 wrote to memory of 1808	1096	a6153b90e8b7cc71673a4a5ba366fe720b5a5c159fe3f381f819c965f3289a91.exe	WerFault.exe
PID 1096 wrote to memory of 1808	1096	a6153b90e8b7cc71673a4a5ba366fe720b5a5c159fe3f381f819c965f3289a91.exe	WerFault.exe
PID 1096 wrote to memory of 1808	1096	a6153b90e8b7cc71673a4a5ba366fe720b5a5c159fe3f381f819c965f3289a91.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\a6153b90e8b7cc71673a4a5ba366fe720b5a5c159fe3f381f819c965f3289a91.exe
"C:\Users\Admin\AppData\Local\Temp\a6153b90e8b7cc71673a4a5ba366fe720b5a5c159fe3f381f819c965f3289a91.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 52
2⤵
- Program crash
PID:1808

memory/1096-55-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1808-54-0x0000000000000000-mapping.dmp

Download