2a84648d6ad98cfc58e169b57be3620bccb36106d5d705085a7c38c12e7432a1

Analysis

max time kernel
155s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 17:54

Target

41882717ffd6cdb8c008ebcfec55ee67.exe
Size

137KB
MD5

41882717ffd6cdb8c008ebcfec55ee67
SHA1

6e3a8fefe7072427d30c811387a6fc874f665295
SHA256

2a84648d6ad98cfc58e169b57be3620bccb36106d5d705085a7c38c12e7432a1
SHA512

11822381f890f4e3bd670f405289d9e1d392417bb864629572a4820bc004cd22cc2727f99e6c456caa1f93db196bcd0992b7f332474e0c712a99c3174d3a8a0e
SSDEEP

3072:KbPN+Vm691ASZ4L016HxawPQrwmy5MmtiJCMAiTBtPiSfL/U:KiJZJ1Gx9uwmy7g0biTj

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3512	2260	WerFault.exe	88
1192	2260	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 3512	2260	41882717ffd6cdb8c008ebcfec55ee67.exe	94
PID 2260 wrote to memory of 3512	2260	41882717ffd6cdb8c008ebcfec55ee67.exe	94
PID 2260 wrote to memory of 3512	2260	41882717ffd6cdb8c008ebcfec55ee67.exe	94

C:\Users\Admin\AppData\Local\Temp\41882717ffd6cdb8c008ebcfec55ee67.exe
"C:\Users\Admin\AppData\Local\Temp\41882717ffd6cdb8c008ebcfec55ee67.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 292
  2⤵
  - Program crash
  PID:3512
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 292
  2⤵
  - Program crash
  PID:1192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2260 -ip 2260
1⤵
PID:4164

memory/2260-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2260-1-0x00000000009D0000-0x00000000009FF000-memory.dmp

Filesize
188KB

Download
memory/2260-2-0x00000000009D0000-0x00000000009FF000-memory.dmp

Filesize
188KB

Download