3195f9eda50568dbe7d2fb99aa33f42dc40de1778d1dddd99666db5178bf6814

Analysis

max time kernel
148s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 23:41

Target

205f6104ea3636d03bf842ae0feaaaf5.exe
Size

159KB
MD5

205f6104ea3636d03bf842ae0feaaaf5
SHA1

43a651a41d3628d5d5298bb6be2b889f9a885218
SHA256

3195f9eda50568dbe7d2fb99aa33f42dc40de1778d1dddd99666db5178bf6814
SHA512

d37b646699e5258f1ce93d52fb086bac7fc9b554fd999bc1e15bc47cad3f11f9988f3c6cae6ffdc7b8f83fe2ab045418c94f481c1995e4924550b83b173e562e
SSDEEP

3072:7a1CujSwV8X8jE3WBFzzNXSTpivh4rmhJfTOBFvRAxU2hK/BAfu8:7qjjn8X93WBB8V8h4rmXfTmFscKx

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2600	2216	WerFault.exe	88
1072	2216	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2600	2216	205f6104ea3636d03bf842ae0feaaaf5.exe	94
PID 2216 wrote to memory of 2600	2216	205f6104ea3636d03bf842ae0feaaaf5.exe	94
PID 2216 wrote to memory of 2600	2216	205f6104ea3636d03bf842ae0feaaaf5.exe	94

C:\Users\Admin\AppData\Local\Temp\205f6104ea3636d03bf842ae0feaaaf5.exe
"C:\Users\Admin\AppData\Local\Temp\205f6104ea3636d03bf842ae0feaaaf5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 224
  2⤵
  - Program crash
  PID:2600
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 224
  2⤵
  - Program crash
  PID:1072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2216 -ip 2216
1⤵
PID:1976

memory/2216-0-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/2216-1-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download