e381e7451312d4acd27f61f166de99e13aaefef26107bea4e4a6d1a550ff6797

Analysis

max time kernel
127s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 02:15

Target

4484344025a374501766b1704fb5410f.exe
Size

27KB
MD5

4484344025a374501766b1704fb5410f
SHA1

811ca2edd806933bc053b6190a07e1e1d60f683e
SHA256

e381e7451312d4acd27f61f166de99e13aaefef26107bea4e4a6d1a550ff6797
SHA512

0a6ac2e27ec096831f272d2addd18f09773207d0d756b7efd755d40f6a81dd7dc133eecad122cd06174d63d5b328e7aa0d24c4aa28e2a928bde5b82fd6cd3e27
SSDEEP

768:kG2X5kFdyWmaQhKl6cHTOVvbnIMQhC+ccxGWlZbxbha53:ko3yfaOr2yVvFXqd3rS

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
368	4776	WerFault.exe	73
1340	4776	WerFault.exe	73

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4776 wrote to memory of 368	4776	4484344025a374501766b1704fb5410f.exe	95
PID 4776 wrote to memory of 368	4776	4484344025a374501766b1704fb5410f.exe	95
PID 4776 wrote to memory of 368	4776	4484344025a374501766b1704fb5410f.exe	95

C:\Users\Admin\AppData\Local\Temp\4484344025a374501766b1704fb5410f.exe
"C:\Users\Admin\AppData\Local\Temp\4484344025a374501766b1704fb5410f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4776
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 420
  2⤵
  - Program crash
  PID:368
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 420
  2⤵
  - Program crash
  PID:1340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4776 -ip 4776
1⤵
PID:1284

memory/4776-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download