c5e55bd1be3a0c858a5386dd478c4fa7eabbfbaa2186a133638fc1af981eda9a

Analysis

max time kernel
152s
max time network
196s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 13:36

Target

c5e55bd1be3a0c858a5386dd478c4fa7eabbfbaa2186a133638fc1af981eda9a.exe
Size

328KB
MD5

68a5e57d880f5ccdbe388ebf47468416
SHA1

04ae59990f45f97efcd109dc8bbc39fb1ed78080
SHA256

c5e55bd1be3a0c858a5386dd478c4fa7eabbfbaa2186a133638fc1af981eda9a
SHA512

d0afaa8f7bb09b75f3a3fe217fe8f2bb351e78031374ddfc07a42116e0357ff93daa7808d5ac7b5a0b666928dce280f752b4c8fe67f7ce4824eabef5c088b23a
SSDEEP

6144:p8CAneHG0jE9iehMTIfe35qqy8BoNVwxS+Iv6rfE4Sf4SW5:Qne9EMehMTIfe35qq9BnxSfv6rfK65

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3764	3196	WerFault.exe	80
1640	3196	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3196 wrote to memory of 3764	3196	c5e55bd1be3a0c858a5386dd478c4fa7eabbfbaa2186a133638fc1af981eda9a.exe	84
PID 3196 wrote to memory of 3764	3196	c5e55bd1be3a0c858a5386dd478c4fa7eabbfbaa2186a133638fc1af981eda9a.exe	84
PID 3196 wrote to memory of 3764	3196	c5e55bd1be3a0c858a5386dd478c4fa7eabbfbaa2186a133638fc1af981eda9a.exe	84

C:\Users\Admin\AppData\Local\Temp\c5e55bd1be3a0c858a5386dd478c4fa7eabbfbaa2186a133638fc1af981eda9a.exe
"C:\Users\Admin\AppData\Local\Temp\c5e55bd1be3a0c858a5386dd478c4fa7eabbfbaa2186a133638fc1af981eda9a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3196
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 524
  2⤵
  - Program crash
  PID:3764
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 524
  2⤵
  - Program crash
  PID:1640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3196 -ip 3196
1⤵
PID:1168

memory/3196-132-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download