d86c17c992aad906803c525a9a6812e7fb03e8055faa46be7c298393d06d2943

Analysis

max time kernel
195s
max time network
218s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 00:03

Target

07eb53738408e6f62cd7136b9e361175.exe
Size

11KB
MD5

07eb53738408e6f62cd7136b9e361175
SHA1

c69cefe242ca6d6fc8ed778fb2db8804b2f4ae72
SHA256

d86c17c992aad906803c525a9a6812e7fb03e8055faa46be7c298393d06d2943
SHA512

0ed4d309b565505d8bd9322e4f60a6c78ddc838722bce66769ad0f8c1c743b254e2c96a5117a7fb3868f6fc410bc1be3585d593ec594597878c7b6393b56c6e2
SSDEEP

192:smj/57AVHnJcgKRA6L0Ek9ZnbzsuFIkl8AV2mFFZmCisi3SXVk27OxG5igJ3D:L8HJ+AXEkbbzBukl8Ao+ZmCieXVL5JD

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2952	4180	WerFault.exe	86
4780	4180	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4180 wrote to memory of 2952	4180	07eb53738408e6f62cd7136b9e361175.exe	92
PID 4180 wrote to memory of 2952	4180	07eb53738408e6f62cd7136b9e361175.exe	92
PID 4180 wrote to memory of 2952	4180	07eb53738408e6f62cd7136b9e361175.exe	92

C:\Users\Admin\AppData\Local\Temp\07eb53738408e6f62cd7136b9e361175.exe
"C:\Users\Admin\AppData\Local\Temp\07eb53738408e6f62cd7136b9e361175.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 224
  2⤵
  - Program crash
  PID:2952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 224
  2⤵
  - Program crash
  PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 4180 -ip 4180
1⤵
PID:4916