cf4cca2625d7346d0285eebfde1f518846ea7a10c9dbd598fd3b084543c019bc

Analysis

max time kernel
340s
max time network
354s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 15:38

Target

cf4cca2625d7346d0285eebfde1f518846ea7a10c9dbd598fd3b084543c019bc.exe
Size

613KB
MD5

571c5c70a7f1a5402e9e28d6e0cc16e7
SHA1

1cc8724098dd02a0452ea7e91de1dec9db61f189
SHA256

cf4cca2625d7346d0285eebfde1f518846ea7a10c9dbd598fd3b084543c019bc
SHA512

91d09e259651c5b24ca8324ef6312b65ad8b2fea3cf9418363210381f1e794087f3bdf8e4478478366ef339242c1c12537dd4f0eefe5ad2fba698d5b938f479a
SSDEEP

12288:ka8zKTLPe75vXUgRFg2vVrUD85/GMeWuq/Sp5vT4ERnyhi/FaI0zZbl+08kDtV:ka8zKTL275vXUgRFNoY+Lq/SzT/hNYZj

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
856	4292	WerFault.exe	79
2360	4292	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 856	4292	cf4cca2625d7346d0285eebfde1f518846ea7a10c9dbd598fd3b084543c019bc.exe	82
PID 4292 wrote to memory of 856	4292	cf4cca2625d7346d0285eebfde1f518846ea7a10c9dbd598fd3b084543c019bc.exe	82
PID 4292 wrote to memory of 856	4292	cf4cca2625d7346d0285eebfde1f518846ea7a10c9dbd598fd3b084543c019bc.exe	82

C:\Users\Admin\AppData\Local\Temp\cf4cca2625d7346d0285eebfde1f518846ea7a10c9dbd598fd3b084543c019bc.exe
"C:\Users\Admin\AppData\Local\Temp\cf4cca2625d7346d0285eebfde1f518846ea7a10c9dbd598fd3b084543c019bc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4292
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 408
  2⤵
  - Program crash
  PID:856
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 408
  2⤵
  - Program crash
  PID:2360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4292 -ip 4292
1⤵
PID:1784