21e92c5b322079edc40dac0fc4c19078ee06622c863fd559faae1fdbf3700a0b

Analysis

max time kernel
144s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 05:48

Target

093366b6536286beab1d3968c69948e7.exe
Size

553KB
MD5

093366b6536286beab1d3968c69948e7
SHA1

f20c57681de1ba54311f57fe3c283dad7a110e8f
SHA256

21e92c5b322079edc40dac0fc4c19078ee06622c863fd559faae1fdbf3700a0b
SHA512

7c4e01df9e6eb57978153b7f789745b3ae6fb221ccd5473838401813373b9fd96bdc20bc36b8ef905583ba4c4ff570fb4d0be9da2f7fad06af3be020393e8893
SSDEEP

6144:JrPe87we8zvtqgIl1Mltu7KgxHCttAL927uuIPsMopd2KVYkRBpwBn678YYWeEx:JrP5z8rtdIlWt0K0mtAR27NIJofvUy

Score

3^/10

Program crash 3 IoCs

pid	pid_target	Process	procid_target
460	1320	WerFault.exe	14
5100	3216	WerFault.exe	41
3120	548	WerFault.exe	42

Suspicious use of UnmapMainImage 3 IoCs

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 548	1320	093366b6536286beab1d3968c69948e7.exe	42
PID 1320 wrote to memory of 548	1320	093366b6536286beab1d3968c69948e7.exe	42
PID 1320 wrote to memory of 548	1320	093366b6536286beab1d3968c69948e7.exe	42
PID 1320 wrote to memory of 3216	1320	093366b6536286beab1d3968c69948e7.exe	41
PID 1320 wrote to memory of 3216	1320	093366b6536286beab1d3968c69948e7.exe	41
PID 1320 wrote to memory of 3216	1320	093366b6536286beab1d3968c69948e7.exe	41

C:\Users\Admin\AppData\Local\Temp\093366b6536286beab1d3968c69948e7.exe
"C:\Users\Admin\AppData\Local\Temp\093366b6536286beab1d3968c69948e7.exe"
1⤵
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 556
  2⤵
  - Program crash
  PID:460
- C:\Users\Admin\AppData\Local\Temp\093366b6536286beab1d3968c69948e7.exe
  watch
  2⤵
  - Suspicious use of UnmapMainImage
  PID:3216
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 552
    3⤵
    - Program crash
    PID:5100
- C:\Users\Admin\AppData\Local\Temp\093366b6536286beab1d3968c69948e7.exe
  start
  2⤵
  - Suspicious use of UnmapMainImage
  PID:548
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 552
    3⤵
    - Program crash
    PID:3120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1320 -ip 1320
1⤵
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3216 -ip 3216
1⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 548 -ip 548
1⤵
PID:1928

memory/548-3-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/548-5-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1320-0-0x00000000021F0000-0x000000000220F000-memory.dmp

Filesize
124KB

Download
memory/1320-1-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1320-2-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3216-4-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3216-6-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download