bae2fae8158faf93b1da77900d5f797393fcff82790c851be99f027b3f31cf8a

Analysis

max time kernel
138s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 13:35

Target

bae2fae8158faf93b1da77900d5f797393fcff82790c851be99f027b3f31cf8a.exe
Size

55KB
MD5

7cafe6f9c64e513ef59def2529edd0b6
SHA1

194416d6adc8d4b3e9710abe9d95b6d3b3f2ee08
SHA256

bae2fae8158faf93b1da77900d5f797393fcff82790c851be99f027b3f31cf8a
SHA512

f054075f5a77b7375da2d1f1429f149c3f852ea4ea11f8221fe119713c3844286fea967c49cfa07a36928f2f60962ddb95be1aae76a78aafd0b9a3dc7263597a
SSDEEP

384:+RQvCOGg3+z23D9TxU4vIk/qD48+cCK+hJS7gez:+OvCOPpPxSD7C1S7g

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4212	4396	WerFault.exe	62
4496	4396	WerFault.exe	62

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4396 wrote to memory of 4212	4396	bae2fae8158faf93b1da77900d5f797393fcff82790c851be99f027b3f31cf8a.exe	84
PID 4396 wrote to memory of 4212	4396	bae2fae8158faf93b1da77900d5f797393fcff82790c851be99f027b3f31cf8a.exe	84
PID 4396 wrote to memory of 4212	4396	bae2fae8158faf93b1da77900d5f797393fcff82790c851be99f027b3f31cf8a.exe	84

C:\Users\Admin\AppData\Local\Temp\bae2fae8158faf93b1da77900d5f797393fcff82790c851be99f027b3f31cf8a.exe
"C:\Users\Admin\AppData\Local\Temp\bae2fae8158faf93b1da77900d5f797393fcff82790c851be99f027b3f31cf8a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4396
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 720
  2⤵
  - Program crash
  PID:4212
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 720
  2⤵
  - Program crash
  PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4396 -ip 4396
1⤵
PID:5076

memory/4396-132-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4396-133-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download