4111c6b8daa0a3e0f8e3b77f74299218cf5999f3bc56f66e818b65e3ea7f90c9

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 19:05

Target

4111c6b8daa0a3e0f8e3b77f74299218cf5999f3bc56f66e818b65e3ea7f90c9.exe
Size

136KB
MD5

1fb8d13b5168f2eb04c3746e9c401195
SHA1

c97a21f5405079a3fcce8736b10575099a44fb80
SHA256

4111c6b8daa0a3e0f8e3b77f74299218cf5999f3bc56f66e818b65e3ea7f90c9
SHA512

ac54d107905c7b20ebc49ccff1bf71fdc6a71118db9a931ca367f7c52876e8dce1500b037009f13bfb32ff8600fe49f6335756aae5ce252934bc49d7ad76e0f3
SSDEEP

3072:Rjl/oknFJY8olzQYsrWEBnmLGrMjGpKwdB4De:Yt9zyBBnmwMHwr

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

856 620 WerFault.exe 4111c6b8daa0a3e0f8e3b77f74299218cf5999f3bc56f66e818b65e3ea7f90c9.exe

pid	pid_target	process	target process
856	620	WerFault.exe	4111c6b8daa0a3e0f8e3b77f74299218cf5999f3bc56f66e818b65e3ea7f90c9.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

4111c6b8daa0a3e0f8e3b77f74299218cf5999f3bc56f66e818b65e3ea7f90c9.exe

description	pid	process	target process
PID 620 wrote to memory of 856	620	4111c6b8daa0a3e0f8e3b77f74299218cf5999f3bc56f66e818b65e3ea7f90c9.exe	WerFault.exe
PID 620 wrote to memory of 856	620	4111c6b8daa0a3e0f8e3b77f74299218cf5999f3bc56f66e818b65e3ea7f90c9.exe	WerFault.exe
PID 620 wrote to memory of 856	620	4111c6b8daa0a3e0f8e3b77f74299218cf5999f3bc56f66e818b65e3ea7f90c9.exe	WerFault.exe
PID 620 wrote to memory of 856	620	4111c6b8daa0a3e0f8e3b77f74299218cf5999f3bc56f66e818b65e3ea7f90c9.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\4111c6b8daa0a3e0f8e3b77f74299218cf5999f3bc56f66e818b65e3ea7f90c9.exe
"C:\Users\Admin\AppData\Local\Temp\4111c6b8daa0a3e0f8e3b77f74299218cf5999f3bc56f66e818b65e3ea7f90c9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 196
2⤵
- Program crash
PID:856

memory/620-54-0x0000000075711000-0x0000000075713000-memory.dmp

Filesize
8KB

Download
memory/620-56-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/856-55-0x0000000000000000-mapping.dmp

Download