041fb0e37b76d6bea899c8c539b3f498f32e42c3e253e139a42c6116ef3662be

Analysis

max time kernel
150s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 04:07

Target

041fb0e37b76d6bea899c8c539b3f498f32e42c3e253e139a42c6116ef3662be.exe
Size

90KB
MD5

6ec95cd39bf9dd0b2451e2cbbd271c40
SHA1

73bcc5c4cdbbd8dea06a8d654eb82e9de044ffc9
SHA256

041fb0e37b76d6bea899c8c539b3f498f32e42c3e253e139a42c6116ef3662be
SHA512

80e1beb39c4f3be0b397302638f3e0c653bce7b077437125df01d2188a49ddb9665c807a0562c30ebe3c6775e8f96600ff6545320f57966400e7625f87febfa0
SSDEEP

1536:E+dL3K7SPCsp3i7UamMGoXB4fmyYK4K9wBU6qnH001LphJg:E8K7Sqsp3RanBXq5Yi9Pn9ph

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3840	3056	WerFault.exe	81
3268	3056	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 3840	3056	041fb0e37b76d6bea899c8c539b3f498f32e42c3e253e139a42c6116ef3662be.exe	87
PID 3056 wrote to memory of 3840	3056	041fb0e37b76d6bea899c8c539b3f498f32e42c3e253e139a42c6116ef3662be.exe	87
PID 3056 wrote to memory of 3840	3056	041fb0e37b76d6bea899c8c539b3f498f32e42c3e253e139a42c6116ef3662be.exe	87

C:\Users\Admin\AppData\Local\Temp\041fb0e37b76d6bea899c8c539b3f498f32e42c3e253e139a42c6116ef3662be.exe
"C:\Users\Admin\AppData\Local\Temp\041fb0e37b76d6bea899c8c539b3f498f32e42c3e253e139a42c6116ef3662be.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 336
  2⤵
  - Program crash
  PID:3840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 336
  2⤵
  - Program crash
  PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3056 -ip 3056
1⤵
PID:1616

memory/3056-132-0x0000000001000000-0x000000000101A000-memory.dmp

Filesize
104KB

Download
memory/3056-133-0x0000000001000000-0x000000000101A000-memory.dmp

Filesize
104KB

Download