2549d5c526b9417589b296791dda9062a61279e16b830897204aed7e9236b6bd

Analysis

max time kernel
158s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 20:38

Target

41db9e1ce34f45d08d64aaa61741085b.exe
Size

538KB
MD5

41db9e1ce34f45d08d64aaa61741085b
SHA1

fede303f4854e2c3ea66a45e2d995761f10eec58
SHA256

2549d5c526b9417589b296791dda9062a61279e16b830897204aed7e9236b6bd
SHA512

c585a353388ad03560f007a3ee30da7951e0cefbf29db5bf7cbfb802d2ecbb1d5f5a5ae19474ccae4ac608350e3ca9a6aa6d8c3ae77953bc689dabcecf1fdb56
SSDEEP

12288:xkADnTtzwBeWxVBJER0IthSjTtyu2IvT5cNczBczD68:xkAtwBekTERb+aHczBcJ

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3204	1952	WerFault.exe	89
404	1952	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 3204	1952	41db9e1ce34f45d08d64aaa61741085b.exe	97
PID 1952 wrote to memory of 3204	1952	41db9e1ce34f45d08d64aaa61741085b.exe	97
PID 1952 wrote to memory of 3204	1952	41db9e1ce34f45d08d64aaa61741085b.exe	97

C:\Users\Admin\AppData\Local\Temp\41db9e1ce34f45d08d64aaa61741085b.exe
"C:\Users\Admin\AppData\Local\Temp\41db9e1ce34f45d08d64aaa61741085b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 384
  2⤵
  - Program crash
  PID:3204
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 384
  2⤵
  - Program crash
  PID:404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1952 -ip 1952
1⤵
PID:4708

memory/1952-0-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/1952-1-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download