916b29893883170338ebfbfbfc0d6161fa262a7b6f13d6a8ad74c8a1cd46395f

Analysis

max time kernel
147s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 01:29

Target

496472b169b3391d0ab74b4c0e90323b.exe
Size

547KB
MD5

496472b169b3391d0ab74b4c0e90323b
SHA1

6effc911e99f79f37f26fd362b863e6432ee3a17
SHA256

916b29893883170338ebfbfbfc0d6161fa262a7b6f13d6a8ad74c8a1cd46395f
SHA512

ccd2e576273e3df44c049b65c6b1b7948f142c5dc573b0f30b97c0f65e8e1d1c0ef7dfb5d581fd6dbc9e7f517b125fe72e771db3abaf77f869b997a854664c54
SSDEEP

12288:XfcLDGoTfMLiJOfjYcSauWQOuT4vRTqZ+740RWJ:0XvJOuaxQLqNqIRRWJ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2456	4640	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4640 wrote to memory of 1616	4640	496472b169b3391d0ab74b4c0e90323b.exe	90
PID 4640 wrote to memory of 1616	4640	496472b169b3391d0ab74b4c0e90323b.exe	90
PID 4640 wrote to memory of 1616	4640	496472b169b3391d0ab74b4c0e90323b.exe	90

C:\Users\Admin\AppData\Local\Temp\496472b169b3391d0ab74b4c0e90323b.exe
"C:\Users\Admin\AppData\Local\Temp\496472b169b3391d0ab74b4c0e90323b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Users\Admin\AppData\Local\Temp\496472b169b3391d0ab74b4c0e90323b.exe
  "C:\Users\Admin\AppData\Local\Temp\496472b169b3391d0ab74b4c0e90323b.exe"
  2⤵
  PID:1616
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 356
  2⤵
  - Program crash
  PID:2456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4640 -ip 4640
1⤵
PID:3052

memory/4640-2-0x00000000008E0000-0x00000000008E2000-memory.dmp

Filesize
8KB

Download
memory/4640-1-0x00000000000A0000-0x00000000001A0000-memory.dmp

Filesize
1024KB

Download