39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c

Analysis

max time kernel
155s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 16:55

Target

39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe
Size

1020KB
MD5

4565d0318c38be9d62247d439fc1db70
SHA1

49f5d9b5b3274940c9b19ca14a65e73045139309
SHA256

39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c
SHA512

b9dda4f71fd810c211a05370d3e90808ec0edfb5af2d2e8a2261830365acf5a357e4e140af15ae337109073d1a917016186465f8ac75f8a835530b0e8d33b401
SSDEEP

3072:CVSJfUMjGtt01aOv5vvWE0B4/9LwRxU68sDA1Aoch/NDIsQZOxkAHoqY+UkOMOFn:CVCnXv5vulBY9o9DWGJRW8Ihzo0naG9

Score

3^/10

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid	pid_target	process	target process
2568	4948	WerFault.exe	39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe
456	4948	WerFault.exe	39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe

description	pid	process	target process
PID 4948 wrote to memory of 2568	4948	39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe	WerFault.exe
PID 4948 wrote to memory of 2568	4948	39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe	WerFault.exe
PID 4948 wrote to memory of 2568	4948	39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe
"C:\Users\Admin\AppData\Local\Temp\39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 408
2⤵
- Program crash
PID:2568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 408
2⤵
- Program crash
PID:456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4948 -ip 4948
1⤵
PID:1264

memory/2568-133-0x0000000000000000-mapping.dmp

Download
memory/4948-132-0x0000000000400000-0x0000000000500000-memory.dmp

Filesize
1024KB

Download