57cfeba2275b4cd306c0c0ef4c70be26131a62b7a6136efb364fee14c0d3188b

Analysis

max time kernel
154s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 05:00

Target

57cfeba2275b4cd306c0c0ef4c70be26131a62b7a6136efb364fee14c0d3188b.exe
Size

696KB
MD5

bf88c6819a93885c3b04d531bbad9b11
SHA1

9cb7e9fee85c35cf7398919933f20e050b7de2b2
SHA256

57cfeba2275b4cd306c0c0ef4c70be26131a62b7a6136efb364fee14c0d3188b
SHA512

573d34d43da1bd14f21dd1d2bac5b7b58a5f564a73379f82b50403f14ba85d9f0f890c2e17bac0ba59afb28c8358d02d15f97ed6c2902825ae4f47b3165b7392
SSDEEP

12288:G9RAeTABv7wMZGR4quJtLzGM/hGIjoLYGY3PfrwYdrSTPoVhy875u:WAe+wM4R47Jl341LYf3Pj/QoLZo

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4928	4248	WerFault.exe	78

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4248 wrote to memory of 4736	4248	57cfeba2275b4cd306c0c0ef4c70be26131a62b7a6136efb364fee14c0d3188b.exe	79
PID 4248 wrote to memory of 4736	4248	57cfeba2275b4cd306c0c0ef4c70be26131a62b7a6136efb364fee14c0d3188b.exe	79
PID 4248 wrote to memory of 4736	4248	57cfeba2275b4cd306c0c0ef4c70be26131a62b7a6136efb364fee14c0d3188b.exe	79

C:\Users\Admin\AppData\Local\Temp\57cfeba2275b4cd306c0c0ef4c70be26131a62b7a6136efb364fee14c0d3188b.exe
"C:\Users\Admin\AppData\Local\Temp\57cfeba2275b4cd306c0c0ef4c70be26131a62b7a6136efb364fee14c0d3188b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4248
- C:\Users\Admin\AppData\Local\Temp\57cfeba2275b4cd306c0c0ef4c70be26131a62b7a6136efb364fee14c0d3188b.exe
  C:\Users\Admin\AppData\Local\Temp\57cfeba2275b4cd306c0c0ef4c70be26131a62b7a6136efb364fee14c0d3188b.exe
  2⤵
  PID:4736
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 416
  2⤵
  - Program crash
  PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4248 -ip 4248
1⤵
PID:4932