c6d3b363209a33b090196d5e7c6ebff42f7d4aa919c46042dc710bb560ab7244

Analysis

max time kernel
288s
max time network
365s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 13:02

Target

c6d3b363209a33b090196d5e7c6ebff42f7d4aa919c46042dc710bb560ab7244.exe
Size

126KB
MD5

26eaa0de899a3a6407e981ca3cb9d4a1
SHA1

6a41c261b2c34d45deeb805da04cbb16b9bddd48
SHA256

c6d3b363209a33b090196d5e7c6ebff42f7d4aa919c46042dc710bb560ab7244
SHA512

1bcc80240582d94f921694d9dd753c025cadfafd29d5fd383c08deb12714e9c4d94338319f2d0b80fc2ca2e049e1426ef8d141538f88019432588f9d134d8861
SSDEEP

3072:Sa6nRnsSFieftPYwjlcoLtHOP2xGDguiIbnlgysWBMY1:URnKsFR4aMnWXWBM

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
732	4512	WerFault.exe	79
4940	4512	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 732	4512	c6d3b363209a33b090196d5e7c6ebff42f7d4aa919c46042dc710bb560ab7244.exe	82
PID 4512 wrote to memory of 732	4512	c6d3b363209a33b090196d5e7c6ebff42f7d4aa919c46042dc710bb560ab7244.exe	82
PID 4512 wrote to memory of 732	4512	c6d3b363209a33b090196d5e7c6ebff42f7d4aa919c46042dc710bb560ab7244.exe	82

C:\Users\Admin\AppData\Local\Temp\c6d3b363209a33b090196d5e7c6ebff42f7d4aa919c46042dc710bb560ab7244.exe
"C:\Users\Admin\AppData\Local\Temp\c6d3b363209a33b090196d5e7c6ebff42f7d4aa919c46042dc710bb560ab7244.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 228
  2⤵
  - Program crash
  PID:732
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 228
  2⤵
  - Program crash
  PID:4940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4512 -ip 4512
1⤵
PID:3020