bba17eb49a003e069a23636380538dc90d2830e83cfb9414d01dd51a4982bb70

Analysis

max time kernel
140s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2024, 20:32

Target

3f0330e2986a4b265566498cbccce170.exe
Size

90KB
MD5

3f0330e2986a4b265566498cbccce170
SHA1

2a5d3e2abea66e977eb74381e4c83223df8e7249
SHA256

bba17eb49a003e069a23636380538dc90d2830e83cfb9414d01dd51a4982bb70
SHA512

04a8cfc503f7ebdb8be55af81224db0065a7d519feaa9e4e6284a0f2c3b29bb8238639bdba21c7e8fc68c80e6009f04e694aee081bdbaa0a06608d445d5a5c38
SSDEEP

1536:lKrlljc/mZmAeEbmNQpMVq0K95ESGBg5uFS5V+r017qBuxA4yQbXHl1OVY:lKdIumANbkQKq005/5rTsYCQbXHP2Y

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4964	2308	WerFault.exe	89
3524	2308	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 4964	2308	3f0330e2986a4b265566498cbccce170.exe	96
PID 2308 wrote to memory of 4964	2308	3f0330e2986a4b265566498cbccce170.exe	96
PID 2308 wrote to memory of 4964	2308	3f0330e2986a4b265566498cbccce170.exe	96

C:\Users\Admin\AppData\Local\Temp\3f0330e2986a4b265566498cbccce170.exe
"C:\Users\Admin\AppData\Local\Temp\3f0330e2986a4b265566498cbccce170.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 224
  2⤵
  - Program crash
  PID:4964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 224
  2⤵
  - Program crash
  PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2308 -ip 2308
1⤵
PID:3668

memory/2308-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2308-1-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download