6d7d9645acca720719dc5c21fd30df8725525484db0f03cef0fc4b698e4802aa

Analysis

max time kernel
155s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 00:17

Target

2163a7ad0cb47084430d26767b3fa9bf.exe
Size

45KB
MD5

2163a7ad0cb47084430d26767b3fa9bf
SHA1

22da007c897f8cdce0b55496fdc2a0095b154a50
SHA256

6d7d9645acca720719dc5c21fd30df8725525484db0f03cef0fc4b698e4802aa
SHA512

fdc671ba7a3fb88475aa1401789c468a288f4f009a486f0a2bdef4922c96a306a131a781b48a173fd82e59cab310fa01578a53b1afc4e72754c401c260b820f6
SSDEEP

768:84HWgDsh1Zq5hRDNNmJ+ouEkkKF1b0qabba8DnqwJmSAOhEWKlvNYFuBUeE5bAT2:84H+hjqpu+YdKF1oqytDnqwJUO52dtEh

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4784	1944	WerFault.exe	89
2480	1944	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 4784	1944	2163a7ad0cb47084430d26767b3fa9bf.exe	97
PID 1944 wrote to memory of 4784	1944	2163a7ad0cb47084430d26767b3fa9bf.exe	97
PID 1944 wrote to memory of 4784	1944	2163a7ad0cb47084430d26767b3fa9bf.exe	97

C:\Users\Admin\AppData\Local\Temp\2163a7ad0cb47084430d26767b3fa9bf.exe
"C:\Users\Admin\AppData\Local\Temp\2163a7ad0cb47084430d26767b3fa9bf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 400
  2⤵
  - Program crash
  PID:4784
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 400
  2⤵
  - Program crash
  PID:2480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1944 -ip 1944
1⤵
PID:4472

memory/1944-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1944-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download