3220e4dc0dce9af912dfb5880bc28816b33d298c40b52f84d6cda1258fb4e665

Analysis

max time kernel
81s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
03-03-2023 00:36

Target

Ryujinx.exe
Size

47.8MB
MD5

69625dc483aee7233bf6d575a67fc5b3
SHA1

89b864333053f8012b4c9f12279afa17eb630472
SHA256

3220e4dc0dce9af912dfb5880bc28816b33d298c40b52f84d6cda1258fb4e665
SHA512

3e832cddc932385188182ebfb5e220039e3ef23931ffe21a7074aab2f1575b975b9ead6db126a21a20f3b323d20bd7eb1912004a7a5dab1b6d9a09a409217b2b
SSDEEP

196608:yM/x+TLAB7JoyJ1GHLxbta8qi54+b7nsq2kTTYHpGuC9Kmg9WxpzNWA7VPvjQqZ1:F/WLABtAH6iIMlaQMstH/QTqj63DVw

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
112	1544	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 112	1544	Ryujinx.exe	29
PID 1544 wrote to memory of 112	1544	Ryujinx.exe	29
PID 1544 wrote to memory of 112	1544	Ryujinx.exe	29

C:\Users\Admin\AppData\Local\Temp\Ryujinx.exe
"C:\Users\Admin\AppData\Local\Temp\Ryujinx.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1544 -s 1008
  2⤵
  - Program crash
  PID:112