38d9e0e1162eee88fbabb5394bc4de79afd492c4bfa88b6edcb7ae9a72c4ab04

Analysis

max time kernel
135s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
08-06-2023 20:15

Target

38d9e0e1162eee88fbabb5394bc4de79afd492c4bfa88b6edcb7ae9a72c4ab04.exe
Size

1.1MB
MD5

6cd5b62637a864ecbc902ac769f96fb3
SHA1

e0192b0c642277d4d04ab6de3f7182b1f4155835
SHA256

38d9e0e1162eee88fbabb5394bc4de79afd492c4bfa88b6edcb7ae9a72c4ab04
SHA512

52167515987c222a6b9221671a99b4c1944800d82c15daa90d29094165cd52cda3a2533a55786fef465544ad60b0738581680d27d5330f4aaf58e70a663822e6
SSDEEP

24576:44jZgQfcJ8szLSFI5Mx3Z+ZtestXTF/c1CjaLD:NZ5fJgLSF5x3ZigstxoJLD

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2572 4636 WerFault.exe 38d9e0e1162eee88fbabb5394bc4de79afd492c4bfa88b6edcb7ae9a72c4ab04.exe

pid	pid_target	process	target process
2572	4636	WerFault.exe	38d9e0e1162eee88fbabb5394bc4de79afd492c4bfa88b6edcb7ae9a72c4ab04.exe

Modifies Control Panel 3 IoCs

evasion

Processes:

38d9e0e1162eee88fbabb5394bc4de79afd492c4bfa88b6edcb7ae9a72c4ab04.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Control Panel\International\sShortDate = "yyyy-MM-dd"	38d9e0e1162eee88fbabb5394bc4de79afd492c4bfa88b6edcb7ae9a72c4ab04.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Control Panel\International\iDate = "2"	38d9e0e1162eee88fbabb5394bc4de79afd492c4bfa88b6edcb7ae9a72c4ab04.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Control Panel\International\sDate = "-"	38d9e0e1162eee88fbabb5394bc4de79afd492c4bfa88b6edcb7ae9a72c4ab04.exe

C:\Users\Admin\AppData\Local\Temp\38d9e0e1162eee88fbabb5394bc4de79afd492c4bfa88b6edcb7ae9a72c4ab04.exe
"C:\Users\Admin\AppData\Local\Temp\38d9e0e1162eee88fbabb5394bc4de79afd492c4bfa88b6edcb7ae9a72c4ab04.exe"
1⤵
- Modifies Control Panel
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 1260
2⤵
- Program crash
PID:2572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4636 -ip 4636
1⤵
PID:4620

memory/4636-133-0x0000000000400000-0x00000000007EF000-memory.dmp

Filesize
3.9MB

Download
memory/4636-134-0x0000000000400000-0x00000000007EF000-memory.dmp

Filesize
3.9MB

Download
memory/4636-135-0x0000000000400000-0x00000000007EF000-memory.dmp

Filesize
3.9MB

Download
memory/4636-136-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/4636-137-0x0000000000400000-0x00000000007EF000-memory.dmp

Filesize
3.9MB

Download
memory/4636-138-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/4636-140-0x0000000000400000-0x00000000007EF000-memory.dmp

Filesize
3.9MB

Download
memory/4636-142-0x0000000000400000-0x00000000007EF000-memory.dmp

Filesize
3.9MB

Download