a9038b573692e2e70ac6c2db891511e4bcb5ac4a24a9e5ccaeb6e1d6245516ba

Analysis

max time kernel
147s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 05:00

Target

2926796c6553df14f94f35cab3f4dc66.exe
Size

629KB
MD5

2926796c6553df14f94f35cab3f4dc66
SHA1

3a388fbcd4ff5753b2d5a47ffe118ea4395ebf04
SHA256

a9038b573692e2e70ac6c2db891511e4bcb5ac4a24a9e5ccaeb6e1d6245516ba
SHA512

1e764750ac2eaaadf3308cf69efefa2e69a78c064663037e5a531e2df896fca7b76e1d9d8fd873da780a21206a4bb90cf504d168bafd95b90ad37535f423ba5c
SSDEEP

12288:lzcT7+pTsJ4FrSwhfMH485d+FaPFS9LX9IXLSSSTDfxxgORqJJBV1Ls2LMpB8an:p+7ETUWuyfMY85dA0FS9LabbST4OMJJw

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1480	1348	WerFault.exe	86
1412	1348	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 1480	1348	2926796c6553df14f94f35cab3f4dc66.exe	94
PID 1348 wrote to memory of 1480	1348	2926796c6553df14f94f35cab3f4dc66.exe	94
PID 1348 wrote to memory of 1480	1348	2926796c6553df14f94f35cab3f4dc66.exe	94

C:\Users\Admin\AppData\Local\Temp\2926796c6553df14f94f35cab3f4dc66.exe
"C:\Users\Admin\AppData\Local\Temp\2926796c6553df14f94f35cab3f4dc66.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 524
  2⤵
  - Program crash
  PID:1480
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 524
  2⤵
  - Program crash
  PID:1412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 1348 -ip 1348
1⤵
PID:1396