2080f48b33a012b70ced17064909c7e8226ff6ee1eac8eb17984aee4a860c94c

Analysis

max time kernel
145s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 13:52

Target

1a9fe8c7c5cfe7addee8ed113028348f.exe
Size

43KB
MD5

1a9fe8c7c5cfe7addee8ed113028348f
SHA1

74e6f3335efeb7b7217a1222bd553ee1f24f0b9c
SHA256

2080f48b33a012b70ced17064909c7e8226ff6ee1eac8eb17984aee4a860c94c
SHA512

5f8c606c5608e8d956bbc025ec79e205d32e479d1aaad61310cffc092a24f6dc924de0164639150160a6ab9081a02e69e9355183b01124c5cd39b2852a3cf2a4
SSDEEP

768:o2QYRgF2iqQcovj8d8FjR4hEWOpLyaYcFxHJsRLE/GbQABjcdERQoFc5k3P:KOg4QnS8FjR4VOVYkHyUAoEaOc5

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4860	4672	WerFault.exe	54
3448	4672	WerFault.exe	54

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4672 wrote to memory of 4860	4672	1a9fe8c7c5cfe7addee8ed113028348f.exe	94
PID 4672 wrote to memory of 4860	4672	1a9fe8c7c5cfe7addee8ed113028348f.exe	94
PID 4672 wrote to memory of 4860	4672	1a9fe8c7c5cfe7addee8ed113028348f.exe	94

C:\Users\Admin\AppData\Local\Temp\1a9fe8c7c5cfe7addee8ed113028348f.exe
"C:\Users\Admin\AppData\Local\Temp\1a9fe8c7c5cfe7addee8ed113028348f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4672
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 224
  2⤵
  - Program crash
  PID:4860
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 224
  2⤵
  - Program crash
  PID:3448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 4672 -ip 4672
1⤵
PID:1636

memory/4672-0-0x0000000000530000-0x0000000000554000-memory.dmp

Filesize
144KB

Download
memory/4672-1-0x0000000000530000-0x0000000000554000-memory.dmp

Filesize
144KB

Download
memory/4672-2-0x00000000001C0000-0x00000000001E2000-memory.dmp

Filesize
136KB

Download