545d89ef040ee4a82f0425eb328eb8206c67a29ad0f329fcb4984961830450db

Analysis

max time kernel
56s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 21:08

Target

545d89ef040ee4a82f0425eb328eb8206c67a29ad0f329fcb4984961830450db.exe
Size

117KB
MD5

528bef872aecb546e16d473161a9b380
SHA1

e0e938c42d94e7fc76ac2d01912b813b93da16ba
SHA256

545d89ef040ee4a82f0425eb328eb8206c67a29ad0f329fcb4984961830450db
SHA512

647a4b804154d806dc3635d6b7d64504e0834bedc2c8b74beffb04d7226dbfa7de33d4996ec8502aed0305156e6cd155c6356ecaa22015330f314dcf99310857
SSDEEP

3072:j3+QhwE8N9s6v3vMx+O0i3suUW11QfL+Zsoc5j:r+Qht8NLv40icG11gLIs/5j

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

876 1932 WerFault.exe 545d89ef040ee4a82f0425eb328eb8206c67a29ad0f329fcb4984961830450db.exe

pid	pid_target	process	target process
876	1932	WerFault.exe	545d89ef040ee4a82f0425eb328eb8206c67a29ad0f329fcb4984961830450db.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

545d89ef040ee4a82f0425eb328eb8206c67a29ad0f329fcb4984961830450db.exe

description	pid	process	target process
PID 1932 wrote to memory of 876	1932	545d89ef040ee4a82f0425eb328eb8206c67a29ad0f329fcb4984961830450db.exe	WerFault.exe
PID 1932 wrote to memory of 876	1932	545d89ef040ee4a82f0425eb328eb8206c67a29ad0f329fcb4984961830450db.exe	WerFault.exe
PID 1932 wrote to memory of 876	1932	545d89ef040ee4a82f0425eb328eb8206c67a29ad0f329fcb4984961830450db.exe	WerFault.exe
PID 1932 wrote to memory of 876	1932	545d89ef040ee4a82f0425eb328eb8206c67a29ad0f329fcb4984961830450db.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\545d89ef040ee4a82f0425eb328eb8206c67a29ad0f329fcb4984961830450db.exe
"C:\Users\Admin\AppData\Local\Temp\545d89ef040ee4a82f0425eb328eb8206c67a29ad0f329fcb4984961830450db.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 36
2⤵
- Program crash
PID:876

memory/876-54-0x0000000000000000-mapping.dmp

Download
memory/1932-55-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download