dcc24e7e510de9f1ddb46bdc31c4042079aac308097dba0ccb016cbb7a952c48

Analysis

max time kernel
90s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19-10-2022 13:20

Target

dcc24e7e510de9f1ddb46bdc31c4042079aac308097dba0ccb016cbb7a952c48.exe
Size

169KB
MD5

921d8635f8e917729c8a4e02ddc64aa8
SHA1

fc4032b9b79243d14e9c359d0b98f776ca750938
SHA256

dcc24e7e510de9f1ddb46bdc31c4042079aac308097dba0ccb016cbb7a952c48
SHA512

dc3764d484fa1f52564391095f2882e1e2b704f25743ab2b4cff07a78dd7fcafe81294e17b766878c154acaca592f5ca3a0102920bdbc7a3bf78da32c1a0decf
SSDEEP

3072:5PinzlxMF/kJaTcig4l4V+IByVLvUioBfoHs1rCxuIyAgLSiAkb7dibTzAyO:5PipyF/T1QqUc6rCxuIyAmmkNibIl

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5020	4964	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4964 wrote to memory of 4908	4964	dcc24e7e510de9f1ddb46bdc31c4042079aac308097dba0ccb016cbb7a952c48.exe	82
PID 4964 wrote to memory of 4908	4964	dcc24e7e510de9f1ddb46bdc31c4042079aac308097dba0ccb016cbb7a952c48.exe	82
PID 4964 wrote to memory of 4908	4964	dcc24e7e510de9f1ddb46bdc31c4042079aac308097dba0ccb016cbb7a952c48.exe	82

C:\Users\Admin\AppData\Local\Temp\dcc24e7e510de9f1ddb46bdc31c4042079aac308097dba0ccb016cbb7a952c48.exe
"C:\Users\Admin\AppData\Local\Temp\dcc24e7e510de9f1ddb46bdc31c4042079aac308097dba0ccb016cbb7a952c48.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Users\Admin\AppData\Local\Temp\dcc24e7e510de9f1ddb46bdc31c4042079aac308097dba0ccb016cbb7a952c48.exe
  dcc24e7e510de9f1ddb46bdc31c4042079aac308097dba0ccb016cbb7a952c48.exe
  2⤵
  PID:4908
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 420
  2⤵
  - Program crash
  PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4964 -ip 4964
1⤵
PID:1332