e4041d27bc173e5d319a8fba35bc724493f2de1163c3a187c36fa2259b710eae

Analysis

max time kernel
145s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 03:45

Target

e4041d27bc173e5d319a8fba35bc724493f2de1163c3a187c36fa2259b710eae.exe
Size

281KB
MD5

4ade87f79a6dbd3b0aafd751c9e5ce90
SHA1

fb0c9fea994038b471b4c027aa6a935bd2e7107d
SHA256

e4041d27bc173e5d319a8fba35bc724493f2de1163c3a187c36fa2259b710eae
SHA512

5a8fac0e2f272ffe8df323a215bd593f645d7574e7da17ac590e2edd4fec10977b7f97f992d4e3e0769bf738c5120c3b114ad106a5b922f7a36f238219500de3
SSDEEP

6144:zhWCm+oc7R8Hm2ruaypkkFrVBYdnCEz9BmIg5XvpnQpQa1UwrWp2QK+CFg2Tl2V8:sMf7R8BKpkerVBYdnCEz9lgRvpnQpQaP

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4684	4508	WerFault.exe	80
4428	4508	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4508 wrote to memory of 4684	4508	e4041d27bc173e5d319a8fba35bc724493f2de1163c3a187c36fa2259b710eae.exe	84
PID 4508 wrote to memory of 4684	4508	e4041d27bc173e5d319a8fba35bc724493f2de1163c3a187c36fa2259b710eae.exe	84
PID 4508 wrote to memory of 4684	4508	e4041d27bc173e5d319a8fba35bc724493f2de1163c3a187c36fa2259b710eae.exe	84

C:\Users\Admin\AppData\Local\Temp\e4041d27bc173e5d319a8fba35bc724493f2de1163c3a187c36fa2259b710eae.exe
"C:\Users\Admin\AppData\Local\Temp\e4041d27bc173e5d319a8fba35bc724493f2de1163c3a187c36fa2259b710eae.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4508
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 248
  2⤵
  - Program crash
  PID:4684
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 248
  2⤵
  - Program crash
  PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4508 -ip 4508
1⤵
PID:4712

memory/4508-132-0x0000000001000000-0x0000000001095000-memory.dmp

Filesize
596KB

Download
memory/4508-133-0x0000000001000000-0x0000000001095000-memory.dmp

Filesize
596KB

Download