bfa67e7763d1e5ac33c6d2bf5ecbc73cde55d75ddfd2b621805cd4f1c507ad11

Analysis

max time kernel
164s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 12:42

Target

18dea7412c005cca23f61deef63bb41a.exe
Size

53KB
MD5

18dea7412c005cca23f61deef63bb41a
SHA1

17726fb9adb7a4f03a14b9a547fb7b28956dd3ec
SHA256

bfa67e7763d1e5ac33c6d2bf5ecbc73cde55d75ddfd2b621805cd4f1c507ad11
SHA512

e216b726380232b1b16ed7eb9831226267910df37a4a77d281784133195153b6bb3153680bd75d82a6c1da76b6b062d6a074dad9052cfc81d776838c456288c3
SSDEEP

768:YeSjP6R4Lt3o2i8GMMMQUSZcNg5T5kM72f4uKYMX+6+UDQEJ4jfmRUux5HxET:YeSjP7q8Gp9XTSBKYk+eJ4bAU0bET

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4376	2148	WerFault.exe	57
4880	2148	WerFault.exe	57

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 4376	2148	18dea7412c005cca23f61deef63bb41a.exe	92
PID 2148 wrote to memory of 4376	2148	18dea7412c005cca23f61deef63bb41a.exe	92
PID 2148 wrote to memory of 4376	2148	18dea7412c005cca23f61deef63bb41a.exe	92

C:\Users\Admin\AppData\Local\Temp\18dea7412c005cca23f61deef63bb41a.exe
"C:\Users\Admin\AppData\Local\Temp\18dea7412c005cca23f61deef63bb41a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 288
  2⤵
  - Program crash
  PID:4376
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 288
  2⤵
  - Program crash
  PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2148 -ip 2148
1⤵
PID:1884