beb30955982281f5e0d08c2f9291441dfbe91eb69289fafb97517b5bd694e674

Analysis

max time kernel
208s
max time network
228s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 22:10

Target

beb30955982281f5e0d08c2f9291441dfbe91eb69289fafb97517b5bd694e674.exe
Size

150KB
MD5

3c572a8ae14c61812ba2441616d35ee0
SHA1

40a9bc3539a59c8bdf93c67fecdbbd72ffc88a11
SHA256

beb30955982281f5e0d08c2f9291441dfbe91eb69289fafb97517b5bd694e674
SHA512

bac3b8efc9fff502e6181575a8a3d27cb0c2b223df82a07754b2879f67ee3590dfef833694be80e215918e4bff38ecf834ce60fe0ba1d7312756d3f5355b252b
SSDEEP

3072:6ldlXTPtEgUJmh+aDY+puszTjGkZHKZApg0P77mag417WHFRlyAtd6A+:6RTPtEgTh+aDyszTKkZH1pg0P7rb7Wlq

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
3028	E280.tmp

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4580	3028	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 3028	2176	beb30955982281f5e0d08c2f9291441dfbe91eb69289fafb97517b5bd694e674.exe	85
PID 2176 wrote to memory of 3028	2176	beb30955982281f5e0d08c2f9291441dfbe91eb69289fafb97517b5bd694e674.exe	85
PID 2176 wrote to memory of 3028	2176	beb30955982281f5e0d08c2f9291441dfbe91eb69289fafb97517b5bd694e674.exe	85

C:\Users\Admin\AppData\Local\Temp\beb30955982281f5e0d08c2f9291441dfbe91eb69289fafb97517b5bd694e674.exe
"C:\Users\Admin\AppData\Local\Temp\beb30955982281f5e0d08c2f9291441dfbe91eb69289fafb97517b5bd694e674.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Roaming\E280.tmp
  C:\Users\Admin\AppData\Roaming\E280.tmp
  2⤵
  - Executes dropped EXE
  PID:3028
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 264
    3⤵
    - Program crash
    PID:4580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3028 -ip 3028
1⤵
PID:4012

C:\Users\Admin\AppData\Roaming\E280.tmp

Filesize
345.0MB

MD5
b6caef046bc5e2891d650db6cf121248

SHA1
b06448ef4197d2f502fff523c5a5cf76018b1beb

SHA256
0677e707490254b85d809ea99d0fc79b310fe221235fd8694d6c0be49523b085

SHA512
d65c015a4be661562dc3b12457c14df5f0d8c14016803f2ea2ec6114bacd6832620765b6bec18a76483a27d6b54fe884f81f4da47e92f09ec414c17bf71d80ee

Download Submit
C:\Users\Admin\AppData\Roaming\E280.tmp

Filesize
345.0MB

MD5
b6caef046bc5e2891d650db6cf121248

SHA1
b06448ef4197d2f502fff523c5a5cf76018b1beb

SHA256
0677e707490254b85d809ea99d0fc79b310fe221235fd8694d6c0be49523b085

SHA512
d65c015a4be661562dc3b12457c14df5f0d8c14016803f2ea2ec6114bacd6832620765b6bec18a76483a27d6b54fe884f81f4da47e92f09ec414c17bf71d80ee

Download Submit
memory/2176-133-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2176-134-0x0000000000030000-0x0000000000033000-memory.dmp

Filesize
12KB

Download
memory/2176-135-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3028-139-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download