bfab7d4e22c5f74fd6480ca211b4ec6d68e60b3fd81c6bee14d2bd41bd8a7a7d

Analysis

max time kernel
89s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 13:19

Target

71c6dbf0c2c0fd7090cededf7e84d5eb.exe
Size

619KB
MD5

71c6dbf0c2c0fd7090cededf7e84d5eb
SHA1

ebe5dacf93fc4deae2e90e5a084a547b2e937974
SHA256

bfab7d4e22c5f74fd6480ca211b4ec6d68e60b3fd81c6bee14d2bd41bd8a7a7d
SHA512

41692b78ae7366026f29bc673ed7ff12af041e196a0ffb8660de3bdec9ae5a47877a7338bc8ec0aa75e8dbf49cb93b2ef17e5e6256c9be31279becb6543700af
SSDEEP

12288:9f+XNDGoVZvUiJjaN+bTa4eJZD3RhmshEOH9O+SA6YzLG:sX1xJj39evD3RDaOdf6QLG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4492	4056	WerFault.exe	49

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4056 wrote to memory of 2224	4056	71c6dbf0c2c0fd7090cededf7e84d5eb.exe	89
PID 4056 wrote to memory of 2224	4056	71c6dbf0c2c0fd7090cededf7e84d5eb.exe	89
PID 4056 wrote to memory of 2224	4056	71c6dbf0c2c0fd7090cededf7e84d5eb.exe	89

C:\Users\Admin\AppData\Local\Temp\71c6dbf0c2c0fd7090cededf7e84d5eb.exe
"C:\Users\Admin\AppData\Local\Temp\71c6dbf0c2c0fd7090cededf7e84d5eb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4056
- C:\Users\Admin\AppData\Local\Temp\71c6dbf0c2c0fd7090cededf7e84d5eb.exe
  "C:\Users\Admin\AppData\Local\Temp\71c6dbf0c2c0fd7090cededf7e84d5eb.exe"
  2⤵
  PID:2224
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 364
  2⤵
  - Program crash
  PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4056 -ip 4056
1⤵
PID:2168

memory/4056-1-0x00000000000A0000-0x00000000001A0000-memory.dmp

Filesize
1024KB

Download
memory/4056-2-0x0000000000AD0000-0x0000000000AD2000-memory.dmp

Filesize
8KB

Download