e1dd69d90809976545268256f587c6547e57c306c71daed503d8ce3b8877abb0

Analysis

max time kernel
87s
max time network
3s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 21:23

Target

e1dd69d90809976545268256f587c6547e57c306c71daed503d8ce3b8877abb0.exe
Size

97KB
MD5

732b3cf0c35e83abf151bac395142a29
SHA1

6c239b562af1dcdbacee9bca3d6b89c4ba39ac98
SHA256

e1dd69d90809976545268256f587c6547e57c306c71daed503d8ce3b8877abb0
SHA512

deafcafcdc3af39755f09c9e4e6ed19a8d61a9b5ecdb714e0e433a5d9c994c001926201c5643a79ba9514ebf57420e93236c5f0f1ab994da2d108c9b55a915e3
SSDEEP

1536:34qhZXalsHtdwl0lo+4EMMyO3OexOSEowTw9SMnxzvRgJoxDWqfqNII2Ca2B:ZhZTHt6+lI/HUOjSiTDMx7JEqfqg2B

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1728	4904	WerFault.exe	74
816	4904	WerFault.exe	74

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4904 wrote to memory of 1728	4904	e1dd69d90809976545268256f587c6547e57c306c71daed503d8ce3b8877abb0.exe	77
PID 4904 wrote to memory of 1728	4904	e1dd69d90809976545268256f587c6547e57c306c71daed503d8ce3b8877abb0.exe	77
PID 4904 wrote to memory of 1728	4904	e1dd69d90809976545268256f587c6547e57c306c71daed503d8ce3b8877abb0.exe	77

C:\Users\Admin\AppData\Local\Temp\e1dd69d90809976545268256f587c6547e57c306c71daed503d8ce3b8877abb0.exe
"C:\Users\Admin\AppData\Local\Temp\e1dd69d90809976545268256f587c6547e57c306c71daed503d8ce3b8877abb0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4904
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 496
  2⤵
  - Program crash
  PID:1728
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 496
  2⤵
  - Program crash
  PID:816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4904 -ip 4904
1⤵
PID:2040