c1c51abbbfa86bd249ba6fb23cc86307a453d461893b2f1beee7e86231a7b024

Analysis

max time kernel
145s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 10:28

Target

15e89a4199d53824248fca468361e7b5.exe
Size

21KB
MD5

15e89a4199d53824248fca468361e7b5
SHA1

5b82df344d912eb5bbf81dc224c4c1c2e47dc4cb
SHA256

c1c51abbbfa86bd249ba6fb23cc86307a453d461893b2f1beee7e86231a7b024
SHA512

6f9733c556a261e859ec06d71eb6a7aab999037f67adc192778f972ff43d31463c7670c55202fd1edeb1634170c9476972e7a9f99f5fdbab0eb5fcdded311ed4
SSDEEP

384:doK9nu+kwPkGKkLxS8j20ni/cHcIVDTsuSBp:doK4+5PkGKkVXniocI2uSB

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\test.sys	15e89a4199d53824248fca468361e7b5.exe
File created	C:\Windows\SysWOW64\hf1001.dll	15e89a4199d53824248fca468361e7b5.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3524	4668	WerFault.exe	89
4060	4668	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4668 wrote to memory of 3524	4668	15e89a4199d53824248fca468361e7b5.exe	96
PID 4668 wrote to memory of 3524	4668	15e89a4199d53824248fca468361e7b5.exe	96
PID 4668 wrote to memory of 3524	4668	15e89a4199d53824248fca468361e7b5.exe	96

C:\Users\Admin\AppData\Local\Temp\15e89a4199d53824248fca468361e7b5.exe
"C:\Users\Admin\AppData\Local\Temp\15e89a4199d53824248fca468361e7b5.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 336
  2⤵
  - Program crash
  PID:3524
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 336
  2⤵
  - Program crash
  PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 4668 -ip 4668
1⤵
PID:788