fae53b8c4a70e9901b91631f20d2c6567e458689d1f26281d8061d14dfa02f81

Analysis

max time kernel
181s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 08:49

Target

fae53b8c4a70e9901b91631f20d2c6567e458689d1f26281d8061d14dfa02f81.exe
Size

265KB
MD5

01d42a360315f10cdc05ac9eb8c12e76
SHA1

c05035fb3010c9142c646adececa7e62a594d6e6
SHA256

fae53b8c4a70e9901b91631f20d2c6567e458689d1f26281d8061d14dfa02f81
SHA512

63dbecac6ce6e5f12f66a51b25f6b2a86c7047f86bd2965a2154120f8a62628d59c7932153ffdf51ac9bbda78bd017173571d9b51e67e59ac554b27daafac708
SSDEEP

6144:CHLTGLpvNW09sgbN6TIKLSglwYR5B8elcig7c:CuLplHas0IKLSgG0snr7

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1496	1692	WerFault.exe	82
220	1692	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 1496	1692	fae53b8c4a70e9901b91631f20d2c6567e458689d1f26281d8061d14dfa02f81.exe	84
PID 1692 wrote to memory of 1496	1692	fae53b8c4a70e9901b91631f20d2c6567e458689d1f26281d8061d14dfa02f81.exe	84
PID 1692 wrote to memory of 1496	1692	fae53b8c4a70e9901b91631f20d2c6567e458689d1f26281d8061d14dfa02f81.exe	84

C:\Users\Admin\AppData\Local\Temp\fae53b8c4a70e9901b91631f20d2c6567e458689d1f26281d8061d14dfa02f81.exe
"C:\Users\Admin\AppData\Local\Temp\fae53b8c4a70e9901b91631f20d2c6567e458689d1f26281d8061d14dfa02f81.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 284
  2⤵
  - Program crash
  PID:1496
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 284
  2⤵
  - Program crash
  PID:220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1692 -ip 1692
1⤵
PID:3160