8e12d8cb25a85392d8e14d429b725c635776731d1546ad5d8c88afb09e8e2856

Analysis

max time kernel
135s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2023, 04:21

Target

8adb6bf170d9e58bd51021619c8d74a0.exe
Size

3.0MB
MD5

8adb6bf170d9e58bd51021619c8d74a0
SHA1

fe37f27bb1c348e21ff0f656ed3efd100627f199
SHA256

8e12d8cb25a85392d8e14d429b725c635776731d1546ad5d8c88afb09e8e2856
SHA512

63e50768c6c057f6fca5855827adcfcaef198b67dd6fa3f874278cf0a6937ad4dec0d26e366ac3873aa92aee1510acb632b188af8031502d9382fb0e0140d3da
SSDEEP

98304:0ahXe72/ZtsBYxnI+mO39DhslFZgypfOcdqVlkRYFu:ORY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3000	3192	WerFault.exe	83

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 4620	3192	8adb6bf170d9e58bd51021619c8d74a0.exe	85
PID 3192 wrote to memory of 4620	3192	8adb6bf170d9e58bd51021619c8d74a0.exe	85
PID 3192 wrote to memory of 4620	3192	8adb6bf170d9e58bd51021619c8d74a0.exe	85
PID 3192 wrote to memory of 4436	3192	8adb6bf170d9e58bd51021619c8d74a0.exe	86
PID 3192 wrote to memory of 4436	3192	8adb6bf170d9e58bd51021619c8d74a0.exe	86
PID 3192 wrote to memory of 4436	3192	8adb6bf170d9e58bd51021619c8d74a0.exe	86
PID 3192 wrote to memory of 408	3192	8adb6bf170d9e58bd51021619c8d74a0.exe	87
PID 3192 wrote to memory of 408	3192	8adb6bf170d9e58bd51021619c8d74a0.exe	87
PID 3192 wrote to memory of 408	3192	8adb6bf170d9e58bd51021619c8d74a0.exe	87
PID 3192 wrote to memory of 4792	3192	8adb6bf170d9e58bd51021619c8d74a0.exe	88
PID 3192 wrote to memory of 4792	3192	8adb6bf170d9e58bd51021619c8d74a0.exe	88
PID 3192 wrote to memory of 4792	3192	8adb6bf170d9e58bd51021619c8d74a0.exe	88
PID 3192 wrote to memory of 3684	3192	8adb6bf170d9e58bd51021619c8d74a0.exe	89
PID 3192 wrote to memory of 3684	3192	8adb6bf170d9e58bd51021619c8d74a0.exe	89
PID 3192 wrote to memory of 3684	3192	8adb6bf170d9e58bd51021619c8d74a0.exe	89
PID 3192 wrote to memory of 2712	3192	8adb6bf170d9e58bd51021619c8d74a0.exe	90
PID 3192 wrote to memory of 2712	3192	8adb6bf170d9e58bd51021619c8d74a0.exe	90
PID 3192 wrote to memory of 2712	3192	8adb6bf170d9e58bd51021619c8d74a0.exe	90

C:\Users\Admin\AppData\Local\Temp\8adb6bf170d9e58bd51021619c8d74a0.exe
"C:\Users\Admin\AppData\Local\Temp\8adb6bf170d9e58bd51021619c8d74a0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:4620
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:4436
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:408
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:4792
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:3684
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2712
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 300
  2⤵
  - Program crash
  PID:3000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3192 -ip 3192
1⤵
PID:544