1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:52

Target

1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886.exe
Size

222KB
MD5

35f7d4f2f4dfb140a23757fb925ea2a6
SHA1

40d6ec04f746d5a7b7ee8dd6d9037c347816fcb9
SHA256

1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886
SHA512

0edea5be82495a2c0448371bd54a29d97e497bdace173d3f9dcbd9c9590cfed1cc91568902aeb1ec746bca651d6032062b98decc85077338904bb7cc5f83eb02
SSDEEP

6144:c+Hhq+W05MCRGJ/HHojq5cA6jZ622EzP3F:795HGJfImD61F

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886mgr.exe

pid process

3732 1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886mgr.exe

pid	process
3732	1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886mgr.exe

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid	pid_target	process	target process
1696	3732	WerFault.exe	1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886mgr.exe
4516	3732	WerFault.exe	1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886mgr.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886.exe1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886mgr.exe

description	pid	process	target process
PID 3180 wrote to memory of 3732	3180	1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886.exe	1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886mgr.exe
PID 3180 wrote to memory of 3732	3180	1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886.exe	1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886mgr.exe
PID 3180 wrote to memory of 3732	3180	1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886.exe	1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886mgr.exe
PID 3732 wrote to memory of 1696	3732	1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886mgr.exe	WerFault.exe
PID 3732 wrote to memory of 1696	3732	1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886mgr.exe	WerFault.exe
PID 3732 wrote to memory of 1696	3732	1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886mgr.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886.exe
"C:\Users\Admin\AppData\Local\Temp\1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 416
3⤵
- Program crash
PID:1696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 416
3⤵
- Program crash
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3732 -ip 3732
1⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886mgr.exe

Filesize
176KB

MD5
3aae7ee64e5e23915c4fce31d7e30aa9

SHA1
e423085ea6af5e762c1ebd5093ce1c27c2fc4f1a

SHA256
d98fe769f58ca1d1f7d582e16a22f15c3488184b5cdf7a6cecc888efc456809d

SHA512
ffe31a5a840f380502a6124df2a09890cc1b8d881ebe1cbe414940249ed27648b76631134e189a8c85d4b86d992586da10e61ffc8414138c33f77bd272952038

Download Submit
C:\Users\Admin\AppData\Local\Temp\1bf84898c3bfc143a6c7f56a9addf1be625dce1c452978f119b862d192992886mgr.exe

Filesize
176KB

MD5
3aae7ee64e5e23915c4fce31d7e30aa9

SHA1
e423085ea6af5e762c1ebd5093ce1c27c2fc4f1a

SHA256
d98fe769f58ca1d1f7d582e16a22f15c3488184b5cdf7a6cecc888efc456809d

SHA512
ffe31a5a840f380502a6124df2a09890cc1b8d881ebe1cbe414940249ed27648b76631134e189a8c85d4b86d992586da10e61ffc8414138c33f77bd272952038

Download Submit
memory/1696-135-0x0000000000000000-mapping.dmp

Download
memory/3732-132-0x0000000000000000-mapping.dmp

Download