f13cc74ece0910d62873aa2428ebf2002b2eacb7461a66b09be81055bb798515

Analysis

max time kernel
150s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 02:12

Target

0b3f560a20d8429eee540c3cdaf4cc90.exe
Size

511KB
MD5

0b3f560a20d8429eee540c3cdaf4cc90
SHA1

6e1a407362adcf1329cd3ecde4c6a4c8fe041417
SHA256

f13cc74ece0910d62873aa2428ebf2002b2eacb7461a66b09be81055bb798515
SHA512

131d4a3eac9f818f3156c8ed493d6ae52d2a9e86e147ba5724d91bf93a38e392ad582fef1162f44c6f506f2525e337c666fe14f9763c04b5df44405f6d6e5e3d
SSDEEP

12288:V8NgfPGl5a/vRlVuuG9/T5qZEeF01JynkFlKlIhON9pwGkP5:VIa/vo0ZZ01JyqlKlIQN9pwXP5

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4536	4624	WerFault.exe	89
4748	4624	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 4536	4624	0b3f560a20d8429eee540c3cdaf4cc90.exe	95
PID 4624 wrote to memory of 4536	4624	0b3f560a20d8429eee540c3cdaf4cc90.exe	95
PID 4624 wrote to memory of 4536	4624	0b3f560a20d8429eee540c3cdaf4cc90.exe	95

C:\Users\Admin\AppData\Local\Temp\0b3f560a20d8429eee540c3cdaf4cc90.exe
"C:\Users\Admin\AppData\Local\Temp\0b3f560a20d8429eee540c3cdaf4cc90.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 488
  2⤵
  - Program crash
  PID:4536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 488
  2⤵
  - Program crash
  PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4624 -ip 4624
1⤵
PID:3096

memory/4624-0-0x0000000000E90000-0x0000000000F13000-memory.dmp

Filesize
524KB

Download