c8ac3c7176c1ca49ffab1b7e6b576d9ddd1482b6d6e5489808ce382ba4f908b5

Analysis

max time kernel
295s
max time network
351s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 08:24

Target

c8ac3c7176c1ca49ffab1b7e6b576d9ddd1482b6d6e5489808ce382ba4f908b5.exe
Size

477KB
MD5

91f061b886d038e75b5e3f720de0b785
SHA1

59a105c3eebd337909e75080ed864649867fe637
SHA256

c8ac3c7176c1ca49ffab1b7e6b576d9ddd1482b6d6e5489808ce382ba4f908b5
SHA512

4dec9f13eb498671c090512acccd4cc7a194c20bbd383c3a2ed2f15cedc3c4a188beca3c7a9b70ef10dc26a884d6a3e6b377d83c6d5d7652a3543cd2f488d2c4
SSDEEP

12288:pcJ52J0w1W0MMZdgfMMMMMMMMLMMMMMMMMMMG7XE3k8:pcJ52l1W0MMEfMMMMMMMMLMMMMMMMMMW

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4724	5092	WerFault.exe	79
4428	5092	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5092 wrote to memory of 4428	5092	c8ac3c7176c1ca49ffab1b7e6b576d9ddd1482b6d6e5489808ce382ba4f908b5.exe	83
PID 5092 wrote to memory of 4428	5092	c8ac3c7176c1ca49ffab1b7e6b576d9ddd1482b6d6e5489808ce382ba4f908b5.exe	83
PID 5092 wrote to memory of 4428	5092	c8ac3c7176c1ca49ffab1b7e6b576d9ddd1482b6d6e5489808ce382ba4f908b5.exe	83

C:\Users\Admin\AppData\Local\Temp\c8ac3c7176c1ca49ffab1b7e6b576d9ddd1482b6d6e5489808ce382ba4f908b5.exe
"C:\Users\Admin\AppData\Local\Temp\c8ac3c7176c1ca49ffab1b7e6b576d9ddd1482b6d6e5489808ce382ba4f908b5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 516
  2⤵
  - Program crash
  PID:4724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 516
  2⤵
  - Program crash
  PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5092 -ip 5092
1⤵
PID:5060

memory/5092-132-0x0000000000400000-0x000000000059A000-memory.dmp

Filesize
1.6MB

Download