c39f7cad1e453237d0a72e10e112d488dda76ab561f09fcbf08c1fbaf3334177

Analysis

max time kernel
152s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 06:39

Target

c39f7cad1e453237d0a72e10e112d488dda76ab561f09fcbf08c1fbaf3334177.exe
Size

47KB
MD5

c3002be2df769224095a25779660d7ea
SHA1

c6ad7fee3f794b7a5d47738eacd6c909c820549f
SHA256

c39f7cad1e453237d0a72e10e112d488dda76ab561f09fcbf08c1fbaf3334177
SHA512

24d6df83d9f5aa1e242a4da4a5aad0a441b98cbe1e90a701d34f3549da678fadf43b2f849d15b743d5db36557d32de7704777bf27c06759da6c21e343f707723
SSDEEP

768:o8/BI+B3aH2GYvX58eggHjjUgA/qIz+4Y70k+Rt8VDEVkHG3E3/12:o8ZGxy5hggHjjUHXi42uRWVDEEGE12

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
764	3824	WerFault.exe	82
2016	3824	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3824 wrote to memory of 764	3824	c39f7cad1e453237d0a72e10e112d488dda76ab561f09fcbf08c1fbaf3334177.exe	84
PID 3824 wrote to memory of 764	3824	c39f7cad1e453237d0a72e10e112d488dda76ab561f09fcbf08c1fbaf3334177.exe	84
PID 3824 wrote to memory of 764	3824	c39f7cad1e453237d0a72e10e112d488dda76ab561f09fcbf08c1fbaf3334177.exe	84

C:\Users\Admin\AppData\Local\Temp\c39f7cad1e453237d0a72e10e112d488dda76ab561f09fcbf08c1fbaf3334177.exe
"C:\Users\Admin\AppData\Local\Temp\c39f7cad1e453237d0a72e10e112d488dda76ab561f09fcbf08c1fbaf3334177.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3824
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 276
  2⤵
  - Program crash
  PID:764
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 276
  2⤵
  - Program crash
  PID:2016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 3824 -ip 3824
1⤵
PID:712