6382fc2543f9353e4621041e113677ceb16db4305e065b4e8ecac458986fa59a

Analysis

max time kernel
139s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 06:33

Target

402413b1c19f93163bdbf83e778498c5.exe
Size

272KB
MD5

402413b1c19f93163bdbf83e778498c5
SHA1

86401d7bb882439283f7fcd032fb9c25142ba842
SHA256

6382fc2543f9353e4621041e113677ceb16db4305e065b4e8ecac458986fa59a
SHA512

8378ad4603278f246030f37813eba6320cdbdf23c58339c4f04bdabdb4aaed48f9e7adcdd8d4155882a670b520a7440a7d243faa373217c86b9663bc47b17608
SSDEEP

6144:IdHW/GASUY5LqR0ptxHWXT1udMwsik3XwFiK/ueO0F4ta87Gp:YAGWY8puqwUAFH2D0j8

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2444	1876	WerFault.exe	87
1528	1876	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 2444	1876	402413b1c19f93163bdbf83e778498c5.exe	92
PID 1876 wrote to memory of 2444	1876	402413b1c19f93163bdbf83e778498c5.exe	92
PID 1876 wrote to memory of 2444	1876	402413b1c19f93163bdbf83e778498c5.exe	92

C:\Users\Admin\AppData\Local\Temp\402413b1c19f93163bdbf83e778498c5.exe
"C:\Users\Admin\AppData\Local\Temp\402413b1c19f93163bdbf83e778498c5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 360
  2⤵
  - Program crash
  PID:2444
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 360
  2⤵
  - Program crash
  PID:1528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1876 -ip 1876
1⤵
PID:1884

memory/1876-0-0x0000000000470000-0x0000000000471000-memory.dmp

Filesize
4KB

Download