f5e080f9c79a9fd33ce3c642a237afa1082894e3c482b5c15ea9eace208cd2de

Analysis

max time kernel
40s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
17-12-2022 07:33

Target

InstallSetup/bin/AppV/AppVStreamingUX.exe
Size

287KB
MD5

cdb3487bf9587161dcffb48c67633447
SHA1

a8c39e0bd5f98cd0cf2fff213784948bd13cfb97
SHA256

c1c3dd71e7d4f33555485c5e6bb5f2e421a5a92713e84441f3c3c7603534c63a
SHA512

fbf56b89ddc79a4886647d3a4a79e63a2bc32ba51bb4ef75ff294cad6b91556bd5aad82f70c41e59b9b6c468c2fe028ddbc5695ed2a5075344012d47c560d8f4
SSDEEP

3072:CyIen7ExTWZLS0dxYkEmIjedpjMqVVdmabWcONiHNp6ei/EzUHMqVVdmabWcONiK:p7ExKZddZCaqg6RcmCaqg6RhH

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
644	944	WerFault.exe	20

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 644	944	AppVStreamingUX.exe	27
PID 944 wrote to memory of 644	944	AppVStreamingUX.exe	27
PID 944 wrote to memory of 644	944	AppVStreamingUX.exe	27

C:\Users\Admin\AppData\Local\Temp\InstallSetup\bin\AppV\AppVStreamingUX.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup\bin\AppV\AppVStreamingUX.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:944
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 944 -s 664
  2⤵
  - Program crash
  PID:644

memory/644-55-0x0000000000000000-mapping.dmp

Download
memory/944-54-0x000000013FD40000-0x000000013FD88000-memory.dmp

Filesize
288KB

Download