45990a960a138c30a7d38a9ddedc3d29f19ebf67f3686fd0e41e0cb4d0ef751d

Analysis

max time kernel
84s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2022 13:39

Target

45990a960a138c30a7d38a9ddedc3d29f19ebf67f3686fd0e41e0cb4d0ef751d.exe
Size

158KB
MD5

464f5bda5188d9af5bad6cbd641249f0
SHA1

1ec7a356f2d45f4b531b0ba1e16ff2516e441ecf
SHA256

45990a960a138c30a7d38a9ddedc3d29f19ebf67f3686fd0e41e0cb4d0ef751d
SHA512

075ace73f2d5d052bd570a5e3ddda8fbb8d4fb2b48b2b6c8701c98857d930e360fc710282d3ee7d1ae4d29b4c2c4cfb571211b334635cf54962f8c65c9650fb0
SSDEEP

3072:t2TjsXe8kZ2hUlv8t/PPOrUlphVtZY8r70IouNqUzNDW69v7SO:YHsXNa2f/PdlBLYPI7Nvzd9zb

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

OPERA.exe

pid process

5036 OPERA.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2476 5036 WerFault.exe OPERA.exe

pid	process
5036	OPERA.exe

pid	pid_target	process	target process
2476	5036	WerFault.exe	OPERA.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

45990a960a138c30a7d38a9ddedc3d29f19ebf67f3686fd0e41e0cb4d0ef751d.exe

description	pid	process	target process
PID 3536 wrote to memory of 5036	3536	45990a960a138c30a7d38a9ddedc3d29f19ebf67f3686fd0e41e0cb4d0ef751d.exe	OPERA.exe
PID 3536 wrote to memory of 5036	3536	45990a960a138c30a7d38a9ddedc3d29f19ebf67f3686fd0e41e0cb4d0ef751d.exe	OPERA.exe
PID 3536 wrote to memory of 5036	3536	45990a960a138c30a7d38a9ddedc3d29f19ebf67f3686fd0e41e0cb4d0ef751d.exe	OPERA.exe

C:\Users\Admin\AppData\Local\Temp\45990a960a138c30a7d38a9ddedc3d29f19ebf67f3686fd0e41e0cb4d0ef751d.exe
"C:\Users\Admin\AppData\Local\Temp\45990a960a138c30a7d38a9ddedc3d29f19ebf67f3686fd0e41e0cb4d0ef751d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3536

C:\Users\Admin\AppData\Local\Temp\7z685F8DD0\OPERA.exe
C:\Users\Admin\AppData\Local\Temp\7z685F8DD0\OPERA.exe
2⤵
- Executes dropped EXE
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 228
3⤵
- Program crash
PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5036 -ip 5036
1⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\7z685F8DD0\OPERA.exe
Filesize
131KB

MD5
839395ab05e27aad482e037b948e46b6

SHA1
c2b4fb03d18a416b7d3dce150f0292416fc5d36b

SHA256
3f0760d03639f1ee57fe7ce4e388f2cc6d71199f13f5fcb478a8b9de5e98c830

SHA512
2268a100b6519fdd7c65099affc8ca4242a17e3682d1ed149e17124ff7f1ddb415ecc65a7bd199ab5d929156f8eb4299301b222a585e480fa7d0452ac1a1d006

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z685F8DD0\OPERA.exe
Filesize
131KB

MD5
839395ab05e27aad482e037b948e46b6

SHA1
c2b4fb03d18a416b7d3dce150f0292416fc5d36b

SHA256
3f0760d03639f1ee57fe7ce4e388f2cc6d71199f13f5fcb478a8b9de5e98c830

SHA512
2268a100b6519fdd7c65099affc8ca4242a17e3682d1ed149e17124ff7f1ddb415ecc65a7bd199ab5d929156f8eb4299301b222a585e480fa7d0452ac1a1d006

Download Submit
memory/5036-132-0x0000000000000000-mapping.dmp

Download