45501cde75d3889152fd2d3273b3bbc4142e55b02a8a45c422281a5d54c1a8eb

Analysis

max time kernel
148s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/12/2023, 20:47

Target

f712ec59d714a15e0e9466b40ddf0e34.exe
Size

20KB
MD5

f712ec59d714a15e0e9466b40ddf0e34
SHA1

00cc0f21abb1765a41139745c43669cd44726056
SHA256

45501cde75d3889152fd2d3273b3bbc4142e55b02a8a45c422281a5d54c1a8eb
SHA512

70921b96af63869036db3bf6139eda177083a48518b3b8de06f9d170334ed8cfdac6fad1e78cce3b71c2ed35c3fdcbca1228bac96603f7e697c01d4692c121af
SSDEEP

192:NT0B7jx1nxpOILbJ5bvOiD7A8yDPrztdNL/Bd5f7U1JsjRdKCYnxhf:NTKXn3OIHv7dkzzDlBd5fIn2rBYnxh

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4724	528	WerFault.exe	22
2648	528	WerFault.exe	22

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 528 wrote to memory of 4724	528	f712ec59d714a15e0e9466b40ddf0e34.exe	91
PID 528 wrote to memory of 4724	528	f712ec59d714a15e0e9466b40ddf0e34.exe	91
PID 528 wrote to memory of 4724	528	f712ec59d714a15e0e9466b40ddf0e34.exe	91

C:\Users\Admin\AppData\Local\Temp\f712ec59d714a15e0e9466b40ddf0e34.exe
"C:\Users\Admin\AppData\Local\Temp\f712ec59d714a15e0e9466b40ddf0e34.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:528
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 452
  2⤵
  - Program crash
  PID:4724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 452
  2⤵
  - Program crash
  PID:2648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 528 -ip 528
1⤵
PID:4260