75d4fd493c5c7f014b441e7b48cd518923d9070311637406015cb6a8a98a5817

Analysis

max time kernel
151s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 10:17

Target

75d4fd493c5c7f014b441e7b48cd518923d9070311637406015cb6a8a98a5817.exe
Size

10KB
MD5

47cdc85535003f841a323ca51b7fe576
SHA1

291080971981bf367de85630da7d5a7b831090d0
SHA256

75d4fd493c5c7f014b441e7b48cd518923d9070311637406015cb6a8a98a5817
SHA512

354d73d890b1eaabb8c1eaf3c1c249b907df40c8d4c8831562731f3801e069db7f5139d063556a94148fa7944b3596cef3b951b861e1dc0a1864086b7d44759f
SSDEEP

192:+jqxi6u2JN/+jW2jB23uJV4Wzdo3DHiHZ5t9Kip1V2:+jQo9jxJpzSTCHZ5t9K

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2208	4556	WerFault.exe	82
3808	4556	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4556 wrote to memory of 2208	4556	75d4fd493c5c7f014b441e7b48cd518923d9070311637406015cb6a8a98a5817.exe	84
PID 4556 wrote to memory of 2208	4556	75d4fd493c5c7f014b441e7b48cd518923d9070311637406015cb6a8a98a5817.exe	84
PID 4556 wrote to memory of 2208	4556	75d4fd493c5c7f014b441e7b48cd518923d9070311637406015cb6a8a98a5817.exe	84

C:\Users\Admin\AppData\Local\Temp\75d4fd493c5c7f014b441e7b48cd518923d9070311637406015cb6a8a98a5817.exe
"C:\Users\Admin\AppData\Local\Temp\75d4fd493c5c7f014b441e7b48cd518923d9070311637406015cb6a8a98a5817.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4556
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 224
  2⤵
  - Program crash
  PID:2208
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 224
  2⤵
  - Program crash
  PID:3808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4556 -ip 4556
1⤵
PID:5020

memory/4556-132-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download