b4b3ba114ad79eb96b5d66b9f9e9a73480472da1dd82d7a2fb5de837efbdcbda

Analysis

max time kernel
283s
max time network
377s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 11:29

Target

b4b3ba114ad79eb96b5d66b9f9e9a73480472da1dd82d7a2fb5de837efbdcbda.exe
Size

410KB
MD5

c86c607af3e7a2363c519f8c2d4ea50e
SHA1

2429e505445dab7a671a4f429ca498162a82b35a
SHA256

b4b3ba114ad79eb96b5d66b9f9e9a73480472da1dd82d7a2fb5de837efbdcbda
SHA512

c2b7a84fdc33a4c35a484e8b075a64d0450917ff32100bb4925951b592a418f17550692f1e2b0531a36e185fa3b14955d751cf3344247063b6568701cca1f41e
SSDEEP

6144:+ptvC7TlGDMoqJnD48CCKVBzakE7G/XAxb5vSr31RYDrLhCxPJA:sC7ZrRD48CJVBz+1xbh831RYDrd

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3596	4700	WerFault.exe	78
1528	4700	WerFault.exe	78

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4700 wrote to memory of 3596	4700	b4b3ba114ad79eb96b5d66b9f9e9a73480472da1dd82d7a2fb5de837efbdcbda.exe	81
PID 4700 wrote to memory of 3596	4700	b4b3ba114ad79eb96b5d66b9f9e9a73480472da1dd82d7a2fb5de837efbdcbda.exe	81
PID 4700 wrote to memory of 3596	4700	b4b3ba114ad79eb96b5d66b9f9e9a73480472da1dd82d7a2fb5de837efbdcbda.exe	81

C:\Users\Admin\AppData\Local\Temp\b4b3ba114ad79eb96b5d66b9f9e9a73480472da1dd82d7a2fb5de837efbdcbda.exe
"C:\Users\Admin\AppData\Local\Temp\b4b3ba114ad79eb96b5d66b9f9e9a73480472da1dd82d7a2fb5de837efbdcbda.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4700
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 540
  2⤵
  - Program crash
  PID:3596
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 540
  2⤵
  - Program crash
  PID:1528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4700 -ip 4700
1⤵
PID:4680

memory/4700-132-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/4700-133-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download