f005d9deaf56ef59de9697b54304506f0c987c360cc9fea2c45f62f8a5d6137f

Analysis

max time kernel
207s
max time network
241s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 21:40

Target

f005d9deaf56ef59de9697b54304506f0c987c360cc9fea2c45f62f8a5d6137f.exe
Size

80KB
MD5

7cf3b0c54ddd88f8bcebc761136a40b5
SHA1

c647b91693460ca440d818314699493d2352348a
SHA256

f005d9deaf56ef59de9697b54304506f0c987c360cc9fea2c45f62f8a5d6137f
SHA512

6a45afc05f9a3ea37ee571f5e2f66ee87efcb646f6c1d7b0c8a6ecd44b1d4c041c57cf17f100c1c7d5ee9aca9c463b2b6c51b2d86f09f2a8c53f7a580e1ffd3a
SSDEEP

1536:0fB+PcWo/jY3u84pHkyCN8durxz5QzAXtA:OwudEy9d8B5C

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4924	308	WerFault.exe	80
4140	308	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 308 wrote to memory of 4924	308	f005d9deaf56ef59de9697b54304506f0c987c360cc9fea2c45f62f8a5d6137f.exe	84
PID 308 wrote to memory of 4924	308	f005d9deaf56ef59de9697b54304506f0c987c360cc9fea2c45f62f8a5d6137f.exe	84
PID 308 wrote to memory of 4924	308	f005d9deaf56ef59de9697b54304506f0c987c360cc9fea2c45f62f8a5d6137f.exe	84

C:\Users\Admin\AppData\Local\Temp\f005d9deaf56ef59de9697b54304506f0c987c360cc9fea2c45f62f8a5d6137f.exe
"C:\Users\Admin\AppData\Local\Temp\f005d9deaf56ef59de9697b54304506f0c987c360cc9fea2c45f62f8a5d6137f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:308
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 400
  2⤵
  - Program crash
  PID:4924
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 400
  2⤵
  - Program crash
  PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 308 -ip 308
1⤵
PID:4612