d30ea902c6c983dd8f2611866923abaf5730825ac04cec6d8f33490adb800b03

Analysis

max time kernel
194s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 06:50

Target

117730adb9e5a1b93035035987a65698.exe
Size

430KB
MD5

117730adb9e5a1b93035035987a65698
SHA1

b1178f4f1b4713262d769325be157bd344978a9c
SHA256

d30ea902c6c983dd8f2611866923abaf5730825ac04cec6d8f33490adb800b03
SHA512

62cdfafb1ba91e1582e85923311a3f7bdf91576615bd2c06a06c1aa9d27df40da96c5c8bece363618876f59ab99eab26cff91773b4c7f9cebde149fe71ac2524
SSDEEP

6144:Ulsy4TNbEm1B1zzqaCh9Ju/2x+vw0b8ajNglS2+gUXpP9YC4r:UdwNIm1B1zzqrh9Jf+btwSfgUnBI

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3312	4180	WerFault.exe	86
5048	4180	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4180 wrote to memory of 3312	4180	117730adb9e5a1b93035035987a65698.exe	95
PID 4180 wrote to memory of 3312	4180	117730adb9e5a1b93035035987a65698.exe	95
PID 4180 wrote to memory of 3312	4180	117730adb9e5a1b93035035987a65698.exe	95

C:\Users\Admin\AppData\Local\Temp\117730adb9e5a1b93035035987a65698.exe
"C:\Users\Admin\AppData\Local\Temp\117730adb9e5a1b93035035987a65698.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 328
  2⤵
  - Program crash
  PID:3312
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 328
  2⤵
  - Program crash
  PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4180 -ip 4180
1⤵
PID:3456

memory/4180-0-0x0000000000A90000-0x0000000000B00000-memory.dmp

Filesize
448KB

Download