24baf91f2daecfd5cee294720942ad9c4ec9494c155fb61f16e67100174e3401

Analysis

max time kernel
138s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 01:18

Target

09d91548566b65c910902591128329ed.exe
Size

92KB
MD5

09d91548566b65c910902591128329ed
SHA1

10db9aec2e9927e99a51fb894c00e1dfcb433ea3
SHA256

24baf91f2daecfd5cee294720942ad9c4ec9494c155fb61f16e67100174e3401
SHA512

5aa96c1449e4df49422e954f123e4e9eef3321f77324b7232da8493862f223149b771ad591f370a3fd8f77e3dc13e3b3cf87fceff96f5555b7c49eaf5d5264f5
SSDEEP

1536:pT3SxL6nomAXChCSxNvry2slgBDzNG/T3XqYEq2Abl4qF8cFyi/0efCGCl1uL4X0:pm5EomSe/rClgBGXt+C4qFA4CGC3uL+0

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2052	3272	WerFault.exe	89
208	3272	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3272 wrote to memory of 2052	3272	09d91548566b65c910902591128329ed.exe	97
PID 3272 wrote to memory of 2052	3272	09d91548566b65c910902591128329ed.exe	97
PID 3272 wrote to memory of 2052	3272	09d91548566b65c910902591128329ed.exe	97

C:\Users\Admin\AppData\Local\Temp\09d91548566b65c910902591128329ed.exe
"C:\Users\Admin\AppData\Local\Temp\09d91548566b65c910902591128329ed.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3272
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 580
  2⤵
  - Program crash
  PID:2052
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 580
  2⤵
  - Program crash
  PID:208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3272 -ip 3272
1⤵
PID:4872