b080bdfe0c1e6065997164216ff6d7d453da2a92f354805f0b1d7bc0e5d80f07

Analysis

max time kernel
136s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 13:53

Target

38c7c190f42c9b02e294eb1d2ecdd288.exe
Size

676KB
MD5

38c7c190f42c9b02e294eb1d2ecdd288
SHA1

e3380ec61f592b579f217d26eacc3f18f303bf31
SHA256

b080bdfe0c1e6065997164216ff6d7d453da2a92f354805f0b1d7bc0e5d80f07
SHA512

159becd2a284a934726d3f3ef14363406349216832fa57644345b679e97adcdb88a515ab93d749446bd2f7a704c2e4614856d4b5bb91b297acd736f22b2213d0
SSDEEP

12288:3LhJCf/j8wqDqK+hMJagb0/6vxF5dNrd4n5j8bpItZUzuv:3L7+/jVqOLhgaO0CxvrlbYZUyv

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1016	432	WerFault.exe	16

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 432 wrote to memory of 4848	432	38c7c190f42c9b02e294eb1d2ecdd288.exe	19
PID 432 wrote to memory of 4848	432	38c7c190f42c9b02e294eb1d2ecdd288.exe	19
PID 432 wrote to memory of 4848	432	38c7c190f42c9b02e294eb1d2ecdd288.exe	19

C:\Users\Admin\AppData\Local\Temp\38c7c190f42c9b02e294eb1d2ecdd288.exe
"C:\Users\Admin\AppData\Local\Temp\38c7c190f42c9b02e294eb1d2ecdd288.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:432
- C:\Users\Admin\AppData\Local\Temp\38c7c190f42c9b02e294eb1d2ecdd288.exe
  "C:\Users\Admin\AppData\Local\Temp\38c7c190f42c9b02e294eb1d2ecdd288.exe"
  2⤵
  PID:4848
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 512
  2⤵
  - Program crash
  PID:1016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 432 -ip 432
1⤵
PID:1732

memory/432-1-0x0000000000560000-0x0000000000562000-memory.dmp

Filesize
8KB

Download
memory/432-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download