7fc18fe6cea197b84f079605c85a39bb79b73eef015522ffe280f4c5d013fd00 | Triage

Analysis

max time kernel
24s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
19-05-2023 15:35

Sharing

Report Analysis Logs

General

Target

Ryujinx.exe
Size

48.4MB
MD5

eb2f18a268ba03a2461ae885eeeeb98e
SHA1

951a04456e55dcb10565f427c12da083a4f49627
SHA256

7fc18fe6cea197b84f079605c85a39bb79b73eef015522ffe280f4c5d013fd00
SHA512

1a1399ebc758d7d1837aaf44380258f42b8e6896499b9a3c5923232b6a8061096e70a742554b898609823e785f5090050ce3b57afae1af70942c6e93f84ba175
SSDEEP

393216:2atW17zli9byRHIMlavMzhVQN9mIvyNi49Gmg:Tsk9y9x5hVQN9mIv0i49Gmg

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

108 1660 WerFault.exe Ryujinx.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Ryujinx.exe

description	pid	process	target process
PID 1660 wrote to memory of 108	1660	Ryujinx.exe	WerFault.exe
PID 1660 wrote to memory of 108	1660	Ryujinx.exe	WerFault.exe
PID 1660 wrote to memory of 108	1660	Ryujinx.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Ryujinx.exe
"C:\Users\Admin\AppData\Local\Temp\Ryujinx.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1660

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1660 -s 992
2⤵
- Program crash
PID:108

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...