37931c8c0cf2cb7b05e70806c38e30cfb9037a2752a535e22362b0fd52a25a11

Analysis

max time kernel
22s
max time network
26s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2023, 14:14

Target

kutas.zip
Size

5.9MB
MD5

727f2ccee5a144f454e8687146ef7d40
SHA1

bf6e2b421a8f96ac84f54886f864fb74ad8d236d
SHA256

37931c8c0cf2cb7b05e70806c38e30cfb9037a2752a535e22362b0fd52a25a11
SHA512

6f3cab9803f6324ca1a1ab5477c157ab4983aa221cd0d779dbd1a54356eb05d093b2d9165f56526fc3d4ec2945309b481eff6db8167351b569ffadf248666aad
SSDEEP

98304:A+HQPxpx/agsYlELeMSX07JahwIjeb3ueFbiVhhOw/DG6WPO8jFoI+7hYsNCH4xb:ZwfMgplc7pJ2ZeieFbipOw/aA8jFT+99

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
616	4864	WerFault.exe	90

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4864	BlazinHack.exe
4864	BlazinHack.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\kutas.zip
1⤵
PID:1860

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4052

C:\Users\Admin\Desktop\BlazinHack.exe
"C:\Users\Admin\Desktop\BlazinHack.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4864
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4864 -s 1340
  2⤵
  - Program crash
  PID:616

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 464 -p 4864 -ip 4864
1⤵
PID:2780

memory/4864-132-0x00007FF6D2FB0000-0x00007FF6D3558000-memory.dmp

Filesize
5.7MB

Download
memory/4864-133-0x00007FFD06340000-0x00007FFD06E01000-memory.dmp

Filesize
10.8MB

Download
memory/4864-134-0x00007FFD06340000-0x00007FFD06E01000-memory.dmp

Filesize
10.8MB

Download