63e47a8f8c0f7358b3616549de525be345327157e020a22b9f27c31f28e2d6b9

Analysis

max time kernel
92s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 16:33

Target

63e47a8f8c0f7358b3616549de525be345327157e020a22b9f27c31f28e2d6b9.exe
Size

339KB
MD5

43e9ea0e38f24ae28fb4f5cd5a575393
SHA1

bce4b8566bc5b3f9407945e03a15b4f612db49e9
SHA256

63e47a8f8c0f7358b3616549de525be345327157e020a22b9f27c31f28e2d6b9
SHA512

fe2e9397f75ff2fbba6bafaad377fb514d7069d10c68ec321de19dc1b586ffd90dabc741e346122f42f62a4a0d85af43708e1a1daf1f6df4728bb989349c88c8
SSDEEP

6144:1SW609vwwb5RUghgALqqxCg7PSTTn7Za/OywBFFlmPl+IcbJEUdKSHuE1ikzIv:1N9/+Yj+TV6qTmQT0Wr4v

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1760	5004	WerFault.exe	79
224	5004	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5004 wrote to memory of 1760	5004	63e47a8f8c0f7358b3616549de525be345327157e020a22b9f27c31f28e2d6b9.exe	84
PID 5004 wrote to memory of 1760	5004	63e47a8f8c0f7358b3616549de525be345327157e020a22b9f27c31f28e2d6b9.exe	84
PID 5004 wrote to memory of 1760	5004	63e47a8f8c0f7358b3616549de525be345327157e020a22b9f27c31f28e2d6b9.exe	84

C:\Users\Admin\AppData\Local\Temp\63e47a8f8c0f7358b3616549de525be345327157e020a22b9f27c31f28e2d6b9.exe
"C:\Users\Admin\AppData\Local\Temp\63e47a8f8c0f7358b3616549de525be345327157e020a22b9f27c31f28e2d6b9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 284
  2⤵
  - Program crash
  PID:1760
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 284
  2⤵
  - Program crash
  PID:224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5004 -ip 5004
1⤵
PID:4324