28da89cdb2241a956b25ea64faecc55c70a465a0004b40194f6867c50a679bb1

Analysis

max time kernel
143s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 15:46

Target

043654fefab34cc81950ad383f7d834f.exe
Size

629KB
MD5

043654fefab34cc81950ad383f7d834f
SHA1

87edb87d511a0efd86c295a0ddd73c0e2e8dc530
SHA256

28da89cdb2241a956b25ea64faecc55c70a465a0004b40194f6867c50a679bb1
SHA512

a66f4d50cbf786517fe6cb8b951683d3a0c2d27eef11e5ff9475723132d4413802bf438d5c5765524d85d280ccbe32099f815318f46ea8132c2f579b4c474651
SSDEEP

12288:EAiY2k+aE1xBpmjWXLOU0JU5nBD8LiLkLv/fa2LuP3Ky2:oBLqU0W5F8WgbHpy2

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4772	3568	WerFault.exe	88

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
3568	043654fefab34cc81950ad383f7d834f.exe

C:\Users\Admin\AppData\Local\Temp\043654fefab34cc81950ad383f7d834f.exe
"C:\Users\Admin\AppData\Local\Temp\043654fefab34cc81950ad383f7d834f.exe"
1⤵
- Suspicious use of UnmapMainImage
PID:3568
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 572
  2⤵
  - Program crash
  PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3568 -ip 3568
1⤵
PID:2196

memory/3568-0-0x0000000002210000-0x000000000222F000-memory.dmp

Filesize
124KB

Download
memory/3568-1-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/3568-2-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download