98d7f9a8d8082ea92e0af84d5aa31a7252c46caf6f2b81ee605b43efcbb4a553

Analysis

max time kernel
184s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 02:05

Target

98d7f9a8d8082ea92e0af84d5aa31a7252c46caf6f2b81ee605b43efcbb4a553.exe
Size

88KB
MD5

774551d4e2b917be5631d8054a0a9e37
SHA1

497c175b4004d20c24844562d28faa2734cdedc1
SHA256

98d7f9a8d8082ea92e0af84d5aa31a7252c46caf6f2b81ee605b43efcbb4a553
SHA512

dfa699ed5258e3f04084877abafc10e50e765fc371a53026c320c80fd7e67f6da4c301cb1b687370538bd792a9e82d9b41730d189396ff59a22f7393bb3287e5
SSDEEP

768:NMxcnRgrbjSn7cOR9pZaUMAAT61bbxNwTKHnxX18RW8LbtKUcYi6Wa/fPds/qLG0:NMx/XdORtqKbDwY8RvtKOfdHe/DwbAXY

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1872	4324	WerFault.exe	76
1776	4324	WerFault.exe	76

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4324 wrote to memory of 1872	4324	98d7f9a8d8082ea92e0af84d5aa31a7252c46caf6f2b81ee605b43efcbb4a553.exe	82
PID 4324 wrote to memory of 1872	4324	98d7f9a8d8082ea92e0af84d5aa31a7252c46caf6f2b81ee605b43efcbb4a553.exe	82
PID 4324 wrote to memory of 1872	4324	98d7f9a8d8082ea92e0af84d5aa31a7252c46caf6f2b81ee605b43efcbb4a553.exe	82

C:\Users\Admin\AppData\Local\Temp\98d7f9a8d8082ea92e0af84d5aa31a7252c46caf6f2b81ee605b43efcbb4a553.exe
"C:\Users\Admin\AppData\Local\Temp\98d7f9a8d8082ea92e0af84d5aa31a7252c46caf6f2b81ee605b43efcbb4a553.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4324
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 264
  2⤵
  - Program crash
  PID:1872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 264
  2⤵
  - Program crash
  PID:1776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 4324 -ip 4324
1⤵
PID:4200