2e8c68757c1d9729ed5b2379196f1eec7c83f7a8d471be284c276811b0929aa3

Analysis

max time kernel
139s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 01:04

Target

09747ef5e0362fbe5244ec7778116c12.exe
Size

140KB
MD5

09747ef5e0362fbe5244ec7778116c12
SHA1

0ebc6d772762e4e20320611712eb309289acf108
SHA256

2e8c68757c1d9729ed5b2379196f1eec7c83f7a8d471be284c276811b0929aa3
SHA512

26ecd23f61bfae7634075418cfbdd1d8d3025fc831a28042334c0fee550af48b78f3b4743180e9e1f56e1c644fbd028d1b5956296bd3c4102bb7acbffde6a671
SSDEEP

3072:wPwprStKVQEqAvcETpS0dhXqLvU1BbSZnUsTkwt4SmRkK1:wPwUZETQghXM+bSNUypCk4

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4360	4660	WerFault.exe	88
1852	4660	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 4360	4660	09747ef5e0362fbe5244ec7778116c12.exe	95
PID 4660 wrote to memory of 4360	4660	09747ef5e0362fbe5244ec7778116c12.exe	95
PID 4660 wrote to memory of 4360	4660	09747ef5e0362fbe5244ec7778116c12.exe	95

C:\Users\Admin\AppData\Local\Temp\09747ef5e0362fbe5244ec7778116c12.exe
"C:\Users\Admin\AppData\Local\Temp\09747ef5e0362fbe5244ec7778116c12.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 224
  2⤵
  - Program crash
  PID:4360
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 224
  2⤵
  - Program crash
  PID:1852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4660 -ip 4660
1⤵
PID:1988

memory/4660-0-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4660-1-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download