9b258e7dc6a900ea8715444dcb1b93fddda133aa0d711608bab15b8abfdd4708

Analysis

max time kernel
154s
max time network
198s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2024 05:05

Target

481ae4113108b8d7b46ad2cc22896d2e.exe
Size

367KB
MD5

481ae4113108b8d7b46ad2cc22896d2e
SHA1

183a71556bfeee437ba37fbb73d541ce1cd831fc
SHA256

9b258e7dc6a900ea8715444dcb1b93fddda133aa0d711608bab15b8abfdd4708
SHA512

cb555f0b7be4203c8a25b63fae20917c19cc86cee60eb79d210dbc8a5ad70dd9a48d1c6267806ea9e0690c4d3d652b2133599c56558f2e3719a27dce5edf7aec
SSDEEP

6144:rpEcAd/Mm5ZkyUneRTnJOmQ4W4/6zA5K0TzJRCp4xRvKUllD/W13+H:rTAOm5eyUnJmCzAXTzJR3RvK6lCwH

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2156	448	WerFault.exe	89
552	448	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 448 wrote to memory of 2156	448	481ae4113108b8d7b46ad2cc22896d2e.exe	97
PID 448 wrote to memory of 2156	448	481ae4113108b8d7b46ad2cc22896d2e.exe	97
PID 448 wrote to memory of 2156	448	481ae4113108b8d7b46ad2cc22896d2e.exe	97

C:\Users\Admin\AppData\Local\Temp\481ae4113108b8d7b46ad2cc22896d2e.exe
"C:\Users\Admin\AppData\Local\Temp\481ae4113108b8d7b46ad2cc22896d2e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:448
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 332
  2⤵
  - Program crash
  PID:2156
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 332
  2⤵
  - Program crash
  PID:552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 448 -ip 448
1⤵
PID:1008

memory/448-0-0x0000000000240000-0x00000000002A0000-memory.dmp

Filesize
384KB

Download