1db7b96b2c93399b95963a8594e89ca757788bc43cb3e4c350d7357b26616c08

Analysis

max time kernel
118s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2022, 23:24

Target

1db7b96b2c93399b95963a8594e89ca757788bc43cb3e4c350d7357b26616c08.exe
Size

98KB
MD5

0fe5a46cd6ca71005c698b525634b700
SHA1

fdbb0b5e7bc1b3a95967816dd8efeaec4b89c2a5
SHA256

1db7b96b2c93399b95963a8594e89ca757788bc43cb3e4c350d7357b26616c08
SHA512

f0b24747fd3c184007ebb9ad45eb76e0dac685a4844cb40c1d265083ddb41fe1a39bdbd43895108aa645b6c532d9cdb8056acfa1973458dc0d49a3eba6e5837c
SSDEEP

768:Pcatsv4OwO7PFPrXWWX90LsJ7sJWl8+1avyTRYw/aTR847KVwKpAn5rhN:jsvbfJrGCdVsM8+16kaO47KVwKSnT

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3192	4120	WerFault.exe	15
1472	4120	WerFault.exe	15

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 3192	4120	1db7b96b2c93399b95963a8594e89ca757788bc43cb3e4c350d7357b26616c08.exe	85
PID 4120 wrote to memory of 3192	4120	1db7b96b2c93399b95963a8594e89ca757788bc43cb3e4c350d7357b26616c08.exe	85
PID 4120 wrote to memory of 3192	4120	1db7b96b2c93399b95963a8594e89ca757788bc43cb3e4c350d7357b26616c08.exe	85

C:\Users\Admin\AppData\Local\Temp\1db7b96b2c93399b95963a8594e89ca757788bc43cb3e4c350d7357b26616c08.exe
"C:\Users\Admin\AppData\Local\Temp\1db7b96b2c93399b95963a8594e89ca757788bc43cb3e4c350d7357b26616c08.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 292
  2⤵
  - Program crash
  PID:3192
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 292
  2⤵
  - Program crash
  PID:1472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4120 -ip 4120
1⤵
PID:556