d99db56216798da56c150fa8bf33b049e1c40e6a1da68efb4dd4bd71dc12e6b5

Analysis

max time kernel
156s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 02:14

Target

2423d1aebecf0674b178e17d9cdd0d43.exe
Size

18KB
MD5

2423d1aebecf0674b178e17d9cdd0d43
SHA1

7e6c70fd5578e4a831d4c92ea0e405cef5c1d7f7
SHA256

d99db56216798da56c150fa8bf33b049e1c40e6a1da68efb4dd4bd71dc12e6b5
SHA512

a1d6f0e68b9cf7caa0615589196bd8b7002eee0d9b42298ac19afc19b2af47921c986ad47b584bd4275a9c0a9bf368c569c9f5574dfee48a5d55eda4cb89e9c3
SSDEEP

192:I8H0vK+2U6YJdMdAjgBH2HuGR9DVqPWOwSou1T5F6rCkCDO:vUGGgBWHuQ9xqPWOwZQVkrCD6

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3712	3984	WerFault.exe	87
4496	3984	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 3712	3984	2423d1aebecf0674b178e17d9cdd0d43.exe	97
PID 3984 wrote to memory of 3712	3984	2423d1aebecf0674b178e17d9cdd0d43.exe	97
PID 3984 wrote to memory of 3712	3984	2423d1aebecf0674b178e17d9cdd0d43.exe	97

C:\Users\Admin\AppData\Local\Temp\2423d1aebecf0674b178e17d9cdd0d43.exe
"C:\Users\Admin\AppData\Local\Temp\2423d1aebecf0674b178e17d9cdd0d43.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3984
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 252
  2⤵
  - Program crash
  PID:3712
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 252
  2⤵
  - Program crash
  PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3984 -ip 3984
1⤵
PID:4544

memory/3984-0-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/3984-1-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download