c6fa82c3940d23f85c6410ff80fe52ed3d8d77936361a291f751ded7b81183f1

Analysis

max time kernel
143s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 02:39

Target

007325d89f8c6c20972e359c912e3af2.exe
Size

58KB
MD5

007325d89f8c6c20972e359c912e3af2
SHA1

e4cc39928d81867e0a766e07dad53fdddefbf662
SHA256

c6fa82c3940d23f85c6410ff80fe52ed3d8d77936361a291f751ded7b81183f1
SHA512

46c9a08e90f1054d0c7bcbc1b0b60d091bfc5dbcf22ee2532fc60e25bd3d614f29839f86a9361b5a1724e6840e2e0470dc4fad0b20d2d85bfea0f89a200186ae
SSDEEP

768:rPzq9QvFSTDG4hQg6owNYsB+SWlteJ/6PUq7kxhZDd3EkgoMhvnFGPUnRPWekoo0:bzq9QSG4hONYW+fl0gP7uwkbsFGPUR

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4276	1888	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 4276	1888	007325d89f8c6c20972e359c912e3af2.exe	88
PID 1888 wrote to memory of 4276	1888	007325d89f8c6c20972e359c912e3af2.exe	88
PID 1888 wrote to memory of 4276	1888	007325d89f8c6c20972e359c912e3af2.exe	88

C:\Users\Admin\AppData\Local\Temp\007325d89f8c6c20972e359c912e3af2.exe
"C:\Users\Admin\AppData\Local\Temp\007325d89f8c6c20972e359c912e3af2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 288
  2⤵
  - Program crash
  PID:4276

memory/1888-0-0x0000000044440000-0x0000000044456000-memory.dmp

Filesize
88KB

Download
memory/1888-3-0x0000000044440000-0x0000000044456000-memory.dmp

Filesize
88KB

Download
memory/1888-4-0x0000000044440000-0x0000000044456000-memory.dmp

Filesize
88KB

Download