3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09

Analysis

max time kernel
274s
max time network
275s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
28-11-2022 17:58

Target

3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exe
Size

410KB
MD5

3b194b104e8a9bbe2a24ef2de65a354e
SHA1

f4700c00fb928844b719e60bd1ad9708a013bf9d
SHA256

3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09
SHA512

3044217c8663d1b193188e3fa4e6222a4ae9f9c7b64a37a69d729d405e3715280eb8a31b036f6cca75afb6658cd3916dab5f435f241057c6fd9cbadac32b1e64
SSDEEP

6144:lIYgyLGFAOZrVfwZDGkU9P47K9X9L+IpC0dgZ/865:iYbLYnV6dG+/cO/8

Score

3^/10

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid	pid_target	process	target process
3656	1628	WerFault.exe	3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exe
1260	1628	WerFault.exe	3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exe

description	pid	process	target process
PID 1628 wrote to memory of 3656	1628	3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exe	WerFault.exe
PID 1628 wrote to memory of 3656	1628	3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exe	WerFault.exe
PID 1628 wrote to memory of 3656	1628	3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exe
"C:\Users\Admin\AppData\Local\Temp\3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 324
2⤵
- Program crash
PID:3656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 324
2⤵
- Program crash
PID:1260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1628 -ip 1628
1⤵
PID:3592

memory/1628-133-0x0000000000750000-0x0000000000783000-memory.dmp

Filesize
204KB

Download
memory/3656-134-0x0000000000000000-mapping.dmp

Download