49f6164c2cf7793165ead65d4bea661deea9f7541327521c467482f38d2deea5

Resubmissions

19-02-2023 23:24

max time kernel
40s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-02-2023 23:24

Target

Ryujinx.exe
Size

46.8MB
MD5

56cf9039c5449db52e9a61cf2c600edc
SHA1

e9a9072e86c346c594c00f105f6130817330430c
SHA256

49f6164c2cf7793165ead65d4bea661deea9f7541327521c467482f38d2deea5
SHA512

686580524bef85213246c1f5c02f8612a47ac446e5c89e61b043f461f2b5661292c9221f3c252d0e4669910bfc850b851ee1fed07e9f407a5cf3f674bab26104
SSDEEP

196608:yM/x+TLAB7JoyJ1GXLxmxfiaXemGMtv2kTTYHpGuC9Kmg9WxpzNWm34qSKfwEyAu:F/WLABtAXmiSzlaQMqQDRTSx6Iuxx

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2020 1132 WerFault.exe Ryujinx.exe

pid	pid_target	process	target process
2020	1132	WerFault.exe	Ryujinx.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Ryujinx.exe

description	pid	process	target process
PID 1132 wrote to memory of 2020	1132	Ryujinx.exe	WerFault.exe
PID 1132 wrote to memory of 2020	1132	Ryujinx.exe	WerFault.exe
PID 1132 wrote to memory of 2020	1132	Ryujinx.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Ryujinx.exe
"C:\Users\Admin\AppData\Local\Temp\Ryujinx.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1132

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1132 -s 1004
2⤵
- Program crash
PID:2020