c812c0f4db48ca42712db5d11d2f86ec067976f1bd1c4ee149d29c83fab89cf2

Analysis

max time kernel
86s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2023, 19:50

Target

exe.win32-3.8.zip
Size

16.8MB
MD5

cf2e6a6d995e3d94a138a5e266229c70
SHA1

6d832aa27859ca324cad639b7cb26f37bbabbf99
SHA256

c812c0f4db48ca42712db5d11d2f86ec067976f1bd1c4ee149d29c83fab89cf2
SHA512

a1ffaa17a71f44bb32df7866487b5934ca6b98fba841b973cf48151ccd51300e1f112daf292c82cfee7d1c146ff1e999e8d9b30756613529abb4ef41399fbbc2
SSDEEP

393216:yZnQFvbZ/oVXhsfHJneox1WFDshqH4ZagCCIClseRT4:yVQFNoNhQHpeaWFQagCqeeRE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2108	3696	WerFault.exe	93

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 4580 wrote to memory of 3464	4580	setup.exe	111
PID 4580 wrote to memory of 3464	4580	setup.exe	111
PID 4580 wrote to memory of 3464	4580	setup.exe	111
PID 1380 wrote to memory of 3816	1380	cmd.exe	115
PID 1380 wrote to memory of 3816	1380	cmd.exe	115
PID 1380 wrote to memory of 3816	1380	cmd.exe	115
PID 3816 wrote to memory of 1840	3816	setup.exe	116
PID 3816 wrote to memory of 1840	3816	setup.exe	116
PID 3816 wrote to memory of 1840	3816	setup.exe	116
PID 1380 wrote to memory of 2152	1380	cmd.exe	117
PID 1380 wrote to memory of 2152	1380	cmd.exe	117
PID 1380 wrote to memory of 2152	1380	cmd.exe	117
PID 2152 wrote to memory of 32	2152	setup.exe	118
PID 2152 wrote to memory of 32	2152	setup.exe	118
PID 2152 wrote to memory of 32	2152	setup.exe	118

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\exe.win32-3.8.zip
1⤵
PID:2716

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2340

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 472 -p 3696 -ip 3696
1⤵
PID:5112

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3696 -s 1760
1⤵
- Program crash
PID:2108

C:\Users\Admin\Desktop\exe.win32-3.8\setup.exe
"C:\Users\Admin\Desktop\exe.win32-3.8\setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4580
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:3464

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Users\Admin\Desktop\exe.win32-3.8\setup.exe
  setup ,exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3816
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:1840
- C:\Users\Admin\Desktop\exe.win32-3.8\setup.exe
  setup.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2152
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:32