e1f74c80fa76a1b7b66aeee0fd50cb8de17f49bb1ae9d9d2dd82cb4dd2e6596d

Analysis

max time kernel
154s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 09:21

Target

145b537b1c11f0faf03b397d0fb96fe3.exe
Size

174KB
MD5

145b537b1c11f0faf03b397d0fb96fe3
SHA1

4f9cc91a34c3b1edd72f4b5afecfd3695c58dbca
SHA256

e1f74c80fa76a1b7b66aeee0fd50cb8de17f49bb1ae9d9d2dd82cb4dd2e6596d
SHA512

c73977ede649d7eb22ebb964e57d7d3a23229489e67cb26520b7c2a20bc6aa9766db02621b8459e160c13db5d1cdf6a86b98524650a3cd7bd774a41ff89c0afd
SSDEEP

3072:O/MWN54iNYywxF/WgQOF00IHQ7IecytypTG8FLFXmPwXALuAkzP0bPS41hH2:yMWbwndlSmIDNnMwTXyq2hW

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4332	2148	WerFault.exe	88
2444	2148	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 4332	2148	145b537b1c11f0faf03b397d0fb96fe3.exe	93
PID 2148 wrote to memory of 4332	2148	145b537b1c11f0faf03b397d0fb96fe3.exe	93
PID 2148 wrote to memory of 4332	2148	145b537b1c11f0faf03b397d0fb96fe3.exe	93

C:\Users\Admin\AppData\Local\Temp\145b537b1c11f0faf03b397d0fb96fe3.exe
"C:\Users\Admin\AppData\Local\Temp\145b537b1c11f0faf03b397d0fb96fe3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 460
  2⤵
  - Program crash
  PID:4332
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 460
  2⤵
  - Program crash
  PID:2444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2148 -ip 2148
1⤵
PID:4548