3573106118b6897f8f8f4e3443257659e792521c9d3c423eb1ec13132d51c139

Analysis

max time kernel
145s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 06:25

Target

110355bdb848f7ec00101de58688a34a.exe
Size

105KB
MD5

110355bdb848f7ec00101de58688a34a
SHA1

8ef44ef6d7c7c7cd9e460bf024437f0c68ec3955
SHA256

3573106118b6897f8f8f4e3443257659e792521c9d3c423eb1ec13132d51c139
SHA512

388e2f5600bd373002bc3afa97565c0893d19ac26681d1d143a51dbc4802f29557adee09d80d0da8931750bb21050cc2c1f512216da356ee98e64779d1037244
SSDEEP

1536:zBlRon8JZKXZGYhISdWRDA0ksJKDFixL7rY6MhaGPf2:ZGkaFI0Wpkswi5PY6IaAf2

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3920	4372	WerFault.exe	88
4020	4372	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 3920	4372	110355bdb848f7ec00101de58688a34a.exe	97
PID 4372 wrote to memory of 3920	4372	110355bdb848f7ec00101de58688a34a.exe	97
PID 4372 wrote to memory of 3920	4372	110355bdb848f7ec00101de58688a34a.exe	97

C:\Users\Admin\AppData\Local\Temp\110355bdb848f7ec00101de58688a34a.exe
"C:\Users\Admin\AppData\Local\Temp\110355bdb848f7ec00101de58688a34a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 364
  2⤵
  - Program crash
  PID:3920
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 364
  2⤵
  - Program crash
  PID:4020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4372 -ip 4372
1⤵
PID:1532

memory/4372-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download