45b6731b9bf7e773ead608dfaa53f53e579b888750580a9d9c70a3398c68cceb

Analysis

max time kernel
178s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 22:08

Target

45b6731b9bf7e773ead608dfaa53f53e579b888750580a9d9c70a3398c68cceb.exe
Size

206KB
MD5

0ccd3d5cd0a05147613e8620418f5dcd
SHA1

4ca74bf5d0630c5d924c45a34ce8effa694aef3a
SHA256

45b6731b9bf7e773ead608dfaa53f53e579b888750580a9d9c70a3398c68cceb
SHA512

84969170a909cfd2c5c9eeca83a46c51421a2d6852dc857c02214fb3a4d119d3e6f97dc4b343eb8058f75040430ff692fd061a8b46358dd776e3b6b94636d6e0
SSDEEP

6144:27o9z+HMtpTdMj2DGqsIKwo08a2XrhbwP5n147:20z+wDdDtsVD0gr1wU7

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3180	824	WerFault.exe	20
4668	824	WerFault.exe	20

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 824 wrote to memory of 3180	824	45b6731b9bf7e773ead608dfaa53f53e579b888750580a9d9c70a3398c68cceb.exe	85
PID 824 wrote to memory of 3180	824	45b6731b9bf7e773ead608dfaa53f53e579b888750580a9d9c70a3398c68cceb.exe	85
PID 824 wrote to memory of 3180	824	45b6731b9bf7e773ead608dfaa53f53e579b888750580a9d9c70a3398c68cceb.exe	85

C:\Users\Admin\AppData\Local\Temp\45b6731b9bf7e773ead608dfaa53f53e579b888750580a9d9c70a3398c68cceb.exe
"C:\Users\Admin\AppData\Local\Temp\45b6731b9bf7e773ead608dfaa53f53e579b888750580a9d9c70a3398c68cceb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:824
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 452
  2⤵
  - Program crash
  PID:3180
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 452
  2⤵
  - Program crash
  PID:4668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 824 -ip 824
1⤵
PID:4440