c99058ec530f279b25efe7447c9e8ad296a590ed49c14722c11bc68a2f15b0dd

Analysis

max time kernel
221s
max time network
224s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 13:44

Target

c99058ec530f279b25efe7447c9e8ad296a590ed49c14722c11bc68a2f15b0dd.exe
Size

8KB
MD5

814e04da8c9f6e1601384298a8b68dfd
SHA1

987e6f8be81487c3ecdb5862f54a21c2d3980bf5
SHA256

c99058ec530f279b25efe7447c9e8ad296a590ed49c14722c11bc68a2f15b0dd
SHA512

fa4b6f55c4929590aebb63d6f37f0df59125266cb3fb2909b838d2a832b97bd4d6eba642d15988cb23cb54281c307565f4ac3406c083ce64302d1d2801d53f37
SSDEEP

192:aIGc1Zl2+VAfNxl1THs6xgzgVGjPlRdq6L766nQAzX:aIGcMJxDTHfRmy4h

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4644	724	WerFault.exe	79
3172	724	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 724 wrote to memory of 4644	724	c99058ec530f279b25efe7447c9e8ad296a590ed49c14722c11bc68a2f15b0dd.exe	82
PID 724 wrote to memory of 4644	724	c99058ec530f279b25efe7447c9e8ad296a590ed49c14722c11bc68a2f15b0dd.exe	82
PID 724 wrote to memory of 4644	724	c99058ec530f279b25efe7447c9e8ad296a590ed49c14722c11bc68a2f15b0dd.exe	82

C:\Users\Admin\AppData\Local\Temp\c99058ec530f279b25efe7447c9e8ad296a590ed49c14722c11bc68a2f15b0dd.exe
"C:\Users\Admin\AppData\Local\Temp\c99058ec530f279b25efe7447c9e8ad296a590ed49c14722c11bc68a2f15b0dd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 496
  2⤵
  - Program crash
  PID:4644
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 496
  2⤵
  - Program crash
  PID:3172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 724 -ip 724
1⤵
PID:1972