120c61968543ca7963a281d188124f2ab369b29857aae59ccf5910a8757dfc9a

Analysis

max time kernel
41s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
20-05-2023 23:37

Target

Ryujinx.exe
Size

48.4MB
MD5

16a0a65fc995f7f7242fec9e92e95bfb
SHA1

6f3f390bd4dbda146a2872a7cfab96940802b83d
SHA256

120c61968543ca7963a281d188124f2ab369b29857aae59ccf5910a8757dfc9a
SHA512

95fa830c137984b2d6cd3403238c2e6ac128a0f2c088bbc9b788e8fc483a0c9b4abd16c6f5693469e01f871b752fa91957eed6c51784644328effdd525913c82
SSDEEP

196608:s7at47TJ7z4OW1pBeGx7byuC8a81H54+b7nsq2kTTYHpGuC9Kmg9iKpzNWPOxKY2:2atW17zlitbyoHIMlavM20UpEBi49Gmd

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

560 1748 WerFault.exe Ryujinx.exe

pid	pid_target	process	target process
560	1748	WerFault.exe	Ryujinx.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Ryujinx.exe

description	pid	process	target process
PID 1748 wrote to memory of 560	1748	Ryujinx.exe	WerFault.exe
PID 1748 wrote to memory of 560	1748	Ryujinx.exe	WerFault.exe
PID 1748 wrote to memory of 560	1748	Ryujinx.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Ryujinx.exe
"C:\Users\Admin\AppData\Local\Temp\Ryujinx.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1748 -s 980
  2⤵
  - Program crash
  PID:560