935926ff6a895910019f05a6c2000c3c6092a3af9640e7d7b600a439819b634e

Analysis

max time kernel
188s
max time network
254s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 12:22

Target

935926ff6a895910019f05a6c2000c3c6092a3af9640e7d7b600a439819b634e.exe
Size

88KB
MD5

21ec00725c116fa1ce9e31eeb297811c
SHA1

fedca953801ce938f4be726ab13aeb31cabd7c5a
SHA256

935926ff6a895910019f05a6c2000c3c6092a3af9640e7d7b600a439819b634e
SHA512

e02989eeb4cf07ae175be0ce3745342e65bf5ebb8f3a65e9a571ee312916704b1a29c228f927d1c05572c71dd73c4f9f52b8c77cdc9329a3c8e275788c45ccba
SSDEEP

1536:EOUS4okUchofMlOD+MunEHzo+wSdEewBzSQKQEI8E3/tq7o:EQzS3OD+Mu28mEeUi1E3/w7o

Score

3^/10

Program crash 3 IoCs

pid	pid_target	Process	procid_target
3528	228	WerFault.exe	78
2312	228	WerFault.exe	78
4692	228	WerFault.exe	78

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 2312	228	935926ff6a895910019f05a6c2000c3c6092a3af9640e7d7b600a439819b634e.exe	84
PID 228 wrote to memory of 2312	228	935926ff6a895910019f05a6c2000c3c6092a3af9640e7d7b600a439819b634e.exe	84
PID 228 wrote to memory of 2312	228	935926ff6a895910019f05a6c2000c3c6092a3af9640e7d7b600a439819b634e.exe	84

C:\Users\Admin\AppData\Local\Temp\935926ff6a895910019f05a6c2000c3c6092a3af9640e7d7b600a439819b634e.exe
"C:\Users\Admin\AppData\Local\Temp\935926ff6a895910019f05a6c2000c3c6092a3af9640e7d7b600a439819b634e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:228
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 372
  2⤵
  - Program crash
  PID:3528
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 372
  2⤵
  - Program crash
  PID:2312
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 428
  2⤵
  - Program crash
  PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 228 -ip 228
1⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 228 -ip 228
1⤵
PID:4272