e72348ae2a09ed5dbdc8cc8b014268c13b634fcca20fb715211ab97f333fc418

Analysis

max time kernel
342s
max time network
386s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 22:18

Target

e72348ae2a09ed5dbdc8cc8b014268c13b634fcca20fb715211ab97f333fc418.exe
Size

340KB
MD5

99a08a8caccac0d6f9c882b19f677246
SHA1

278232b915ac6ce9ed5a604bb0cba6c92d8d96ac
SHA256

e72348ae2a09ed5dbdc8cc8b014268c13b634fcca20fb715211ab97f333fc418
SHA512

8193d91ef4bf1a29c3dbefe9582521661cc15ad7c1d4c194dcc96e230e84b8838c0d5ecee10e6a1f1d92fd9fa8dbb26085ed1db709cfda261ee05296e236e7ed
SSDEEP

6144:0ctIdKF7Yta2UM5IxXF/tIKAL7iFE7sNBo+aa9R3HJxvkSuM4Pyddg:G1tUM5aV/oLOVfhaa9ZpVK

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4336	3696	WerFault.exe	79
1540	3696	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3696 wrote to memory of 4336	3696	e72348ae2a09ed5dbdc8cc8b014268c13b634fcca20fb715211ab97f333fc418.exe	86
PID 3696 wrote to memory of 4336	3696	e72348ae2a09ed5dbdc8cc8b014268c13b634fcca20fb715211ab97f333fc418.exe	86
PID 3696 wrote to memory of 4336	3696	e72348ae2a09ed5dbdc8cc8b014268c13b634fcca20fb715211ab97f333fc418.exe	86

C:\Users\Admin\AppData\Local\Temp\e72348ae2a09ed5dbdc8cc8b014268c13b634fcca20fb715211ab97f333fc418.exe
"C:\Users\Admin\AppData\Local\Temp\e72348ae2a09ed5dbdc8cc8b014268c13b634fcca20fb715211ab97f333fc418.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3696
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 268
  2⤵
  - Program crash
  PID:4336
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 268
  2⤵
  - Program crash
  PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3696 -ip 3696
1⤵
PID:3804