5ce442cf42d3da1bed6b9ce4a462e6045b523f8316ffa9ef3efa7320ee0d6569

Analysis

max time kernel
150s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2022 01:24

Target

5ce442cf42d3da1bed6b9ce4a462e6045b523f8316ffa9ef3efa7320ee0d6569.exe
Size

60KB
MD5

a3959c54a355f2d1bd1f2dad5bc2ba60
SHA1

5e9589f0ab9bf5dc10ae8f6469cdf21bcac0bb29
SHA256

5ce442cf42d3da1bed6b9ce4a462e6045b523f8316ffa9ef3efa7320ee0d6569
SHA512

d24930a62f8ee121b84e042920ae2fa55b85f30033584678e77b8c3f20e6032972bca6e97671d5c122b9a537e4153071221802b2fef87a6e5d5bd732423a8c0d
SSDEEP

1536:PvX0vm5bKZbGUAvH3YJRtr1r1sIEvPvrx:3X0IbKZbGjKRtr1R+vPv

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4972	4736	WerFault.exe	79
1364	4736	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 4972	4736	5ce442cf42d3da1bed6b9ce4a462e6045b523f8316ffa9ef3efa7320ee0d6569.exe	82
PID 4736 wrote to memory of 4972	4736	5ce442cf42d3da1bed6b9ce4a462e6045b523f8316ffa9ef3efa7320ee0d6569.exe	82
PID 4736 wrote to memory of 4972	4736	5ce442cf42d3da1bed6b9ce4a462e6045b523f8316ffa9ef3efa7320ee0d6569.exe	82

C:\Users\Admin\AppData\Local\Temp\5ce442cf42d3da1bed6b9ce4a462e6045b523f8316ffa9ef3efa7320ee0d6569.exe
"C:\Users\Admin\AppData\Local\Temp\5ce442cf42d3da1bed6b9ce4a462e6045b523f8316ffa9ef3efa7320ee0d6569.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 416
  2⤵
  - Program crash
  PID:4972
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 416
  2⤵
  - Program crash
  PID:1364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4736 -ip 4736
1⤵
PID:5012

memory/4736-132-0x0000000001000000-0x0000000001012000-memory.dmp

Filesize
72KB

Download
memory/4736-133-0x0000000001000000-0x0000000001012000-memory.dmp

Filesize
72KB

Download
memory/4972-134-0x0000000000000000-mapping.dmp

Download