40bc1863f0e8d1cddcc19cdc6ae843cca0ad533064f2f5f3f0c6d85363af9e2b

Analysis

max time kernel
139s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/12/2023, 20:39

Target

f6948133509412ebe11ab123a55ff8cb.exe
Size

180KB
MD5

f6948133509412ebe11ab123a55ff8cb
SHA1

a822bab4fd910b5173605262c97a6b2baa0e2a55
SHA256

40bc1863f0e8d1cddcc19cdc6ae843cca0ad533064f2f5f3f0c6d85363af9e2b
SHA512

c4c4581d621a66cdd9747c33f4fb94a4eeb0c4209724191e6a8b5a3e737b4c83f4cddf7fc8208fd0664b263c2526a687b028c718e57d9129566b2aaefe047804
SSDEEP

3072:JRlECi5VMMMMMMMMMMMMMMMMMMbH+SwMMMMMMMMMMMMMMMMMMJFsWG0fnN00/wbd:7lEF5VMMMMMMMMMMMMMMMMMMbVwMMMMA

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
536	1680	WerFault.exe	88
648	1680	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 536	1680	f6948133509412ebe11ab123a55ff8cb.exe	94
PID 1680 wrote to memory of 536	1680	f6948133509412ebe11ab123a55ff8cb.exe	94
PID 1680 wrote to memory of 536	1680	f6948133509412ebe11ab123a55ff8cb.exe	94

C:\Users\Admin\AppData\Local\Temp\f6948133509412ebe11ab123a55ff8cb.exe
"C:\Users\Admin\AppData\Local\Temp\f6948133509412ebe11ab123a55ff8cb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 456
  2⤵
  - Program crash
  PID:536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 456
  2⤵
  - Program crash
  PID:648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1680 -ip 1680
1⤵
PID:1604

memory/1680-0-0x0000000000400000-0x0000000000D15000-memory.dmp

Filesize
9.1MB

Download
memory/1680-1-0x0000000000400000-0x0000000000D15000-memory.dmp

Filesize
9.1MB

Download
memory/1680-2-0x0000000000400000-0x0000000000D15000-memory.dmp

Filesize
9.1MB

Download