1123a1f38955432ac4f4391d41990fdac261298fa6f7402181c0f29afdd6b352

Analysis

max time kernel
138s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 00:06

Target

452797f4a071c740e632ff212a3e63d2.exe
Size

561KB
MD5

452797f4a071c740e632ff212a3e63d2
SHA1

d95c7f00929320a6e4cb37c7cdd16746de2ec318
SHA256

1123a1f38955432ac4f4391d41990fdac261298fa6f7402181c0f29afdd6b352
SHA512

fcb97cdf90416abe0b006b25f5ab2c1022ff38c27d0de98ce9ed2c814fb3a99acda683fb18446c9fe0b90f537a249b33ac5c7ee7f011345e16889f93b56f989e
SSDEEP

6144:BdmNry2poYb9BjvecY7rmviZRH89XcrTFmeaTJrJb7LA+OfYs7friaorqAxeHhg2:BOZVWcwA3bb7cRtSzqA0+N4iC

Score

3^/10

Program crash 3 IoCs

pid	pid_target	Process	procid_target
972	840	WerFault.exe	87
1152	4796	WerFault.exe	96
1976	3704	WerFault.exe	95

Suspicious use of UnmapMainImage 3 IoCs

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 4796	840	452797f4a071c740e632ff212a3e63d2.exe	96
PID 840 wrote to memory of 4796	840	452797f4a071c740e632ff212a3e63d2.exe	96
PID 840 wrote to memory of 4796	840	452797f4a071c740e632ff212a3e63d2.exe	96
PID 840 wrote to memory of 3704	840	452797f4a071c740e632ff212a3e63d2.exe	95
PID 840 wrote to memory of 3704	840	452797f4a071c740e632ff212a3e63d2.exe	95
PID 840 wrote to memory of 3704	840	452797f4a071c740e632ff212a3e63d2.exe	95

C:\Users\Admin\AppData\Local\Temp\452797f4a071c740e632ff212a3e63d2.exe
"C:\Users\Admin\AppData\Local\Temp\452797f4a071c740e632ff212a3e63d2.exe"
1⤵
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 520
  2⤵
  - Program crash
  PID:972
- C:\Users\Admin\AppData\Local\Temp\452797f4a071c740e632ff212a3e63d2.exe
  watch
  2⤵
  - Suspicious use of UnmapMainImage
  PID:3704
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 488
    3⤵
    - Program crash
    PID:1976
- C:\Users\Admin\AppData\Local\Temp\452797f4a071c740e632ff212a3e63d2.exe
  start
  2⤵
  - Suspicious use of UnmapMainImage
  PID:4796
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 488
    3⤵
    - Program crash
    PID:1152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 840 -ip 840
1⤵
PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3704 -ip 3704
1⤵
PID:1736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4796 -ip 4796
1⤵
PID:316

memory/840-0-0x000000007FE30000-0x000000007FE4F000-memory.dmp

Filesize
124KB

Download
memory/840-1-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/840-2-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/3704-4-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/3704-6-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/4796-3-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/4796-5-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download