30c438f048287c23c61ca1e1cd5f8c077b23e85d748860256d386381a9fc8910

Analysis

max time kernel
135s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 00:48

Target

4257b68e51d123cabe7757b5b7dc12d6.exe
Size

437KB
MD5

4257b68e51d123cabe7757b5b7dc12d6
SHA1

f8d6f914dd52aaef9c5fa394ae4c9e49704b141c
SHA256

30c438f048287c23c61ca1e1cd5f8c077b23e85d748860256d386381a9fc8910
SHA512

ca6ddc853903204eab6ff058bc9c46a88257f439fb2fbbb2d4c2aac3e03ed454bc21198ab083b85c7a4e96b51645b5c922679d2176b95f08ab711daf872eeef0
SSDEEP

1536:XACOUo84ZkkvLSaRswuY1vLho53/KCY3L3RiAfLiZaK+Q:XQPdDSfwdg3/VefLib

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
5064	1800	WerFault.exe	47
2448	1800	WerFault.exe	47

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1800 wrote to memory of 5064	1800	4257b68e51d123cabe7757b5b7dc12d6.exe	95
PID 1800 wrote to memory of 5064	1800	4257b68e51d123cabe7757b5b7dc12d6.exe	95
PID 1800 wrote to memory of 5064	1800	4257b68e51d123cabe7757b5b7dc12d6.exe	95

C:\Users\Admin\AppData\Local\Temp\4257b68e51d123cabe7757b5b7dc12d6.exe
"C:\Users\Admin\AppData\Local\Temp\4257b68e51d123cabe7757b5b7dc12d6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 224
  2⤵
  - Program crash
  PID:5064
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 224
  2⤵
  - Program crash
  PID:2448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1800 -ip 1800
1⤵
PID:3428