4cae6d4d6dd780fb16dc38bb143c595c12ebc25709a762dcdb6efc12a13e6a85

Analysis

max time kernel
142s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 00:15

Target

083a9da79c3d43bcc29b7fdab4486dc4.exe
Size

88KB
MD5

083a9da79c3d43bcc29b7fdab4486dc4
SHA1

47317500685296500f830efc4f7efc4cba5c496f
SHA256

4cae6d4d6dd780fb16dc38bb143c595c12ebc25709a762dcdb6efc12a13e6a85
SHA512

d07effed2747c147dbf254f3e1f3deedc60a8e13f53af8716f8da9582443cc963f2a0df1b34b052ae72aca4f2c23184cb1743b649f8435d9384ccc7a1e0ed084
SSDEEP

1536:kn3u5lQFW1QeQstUUyGZhNHOesDRNCMIjhUBXMxoiVPEZBtF:O+5lQM1XPnPhNZsDXItUVMofZBt

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4784	592	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 592 wrote to memory of 4784	592	083a9da79c3d43bcc29b7fdab4486dc4.exe	89
PID 592 wrote to memory of 4784	592	083a9da79c3d43bcc29b7fdab4486dc4.exe	89
PID 592 wrote to memory of 4784	592	083a9da79c3d43bcc29b7fdab4486dc4.exe	89

C:\Users\Admin\AppData\Local\Temp\083a9da79c3d43bcc29b7fdab4486dc4.exe
"C:\Users\Admin\AppData\Local\Temp\083a9da79c3d43bcc29b7fdab4486dc4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:592
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 400
  2⤵
  - Program crash
  PID:4784