b0831c1f23202cd936470a346b97d37f39a27a364db9a15f3d2d5d33bb53de13

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2024 18:14

Target

4e29200e64b17b863a40a2aac18297d0.exe
Size

299KB
MD5

4e29200e64b17b863a40a2aac18297d0
SHA1

0b455c0ec403245ce1c8b54bc0c6dd6a83b9ac56
SHA256

b0831c1f23202cd936470a346b97d37f39a27a364db9a15f3d2d5d33bb53de13
SHA512

3eb664e9906f8ea8b78d23fbb4a1d399dade99be6d214f9b1ff0d7fcc84515fceb0c4dd1d783e6fda86aa2d326ea2835d55e99874aa12a2f408678f07582c680
SSDEEP

6144:YBChpJKe6hjjMLxWNLGwHIA9VAvslnLDEdG/3u9aB:MChpJKjcxARAv8+G/+6

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

924 4352 WerFault.exe 4e29200e64b17b863a40a2aac18297d0.exe

pid	pid_target	process	target process
924	4352	WerFault.exe	4e29200e64b17b863a40a2aac18297d0.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

4e29200e64b17b863a40a2aac18297d0.exe

description	pid	process	target process
PID 4352 wrote to memory of 4608	4352	4e29200e64b17b863a40a2aac18297d0.exe	4e29200e64b17b863a40a2aac18297d0.exe
PID 4352 wrote to memory of 4608	4352	4e29200e64b17b863a40a2aac18297d0.exe	4e29200e64b17b863a40a2aac18297d0.exe
PID 4352 wrote to memory of 4608	4352	4e29200e64b17b863a40a2aac18297d0.exe	4e29200e64b17b863a40a2aac18297d0.exe

C:\Users\Admin\AppData\Local\Temp\4e29200e64b17b863a40a2aac18297d0.exe
"C:\Users\Admin\AppData\Local\Temp\4e29200e64b17b863a40a2aac18297d0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 504
  2⤵
  - Program crash
  PID:924
- C:\Users\Admin\AppData\Local\Temp\4e29200e64b17b863a40a2aac18297d0.exe
  "C:\Users\Admin\AppData\Local\Temp\4e29200e64b17b863a40a2aac18297d0.exe"
  2⤵
  PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4352 -ip 4352
1⤵
PID:2872

memory/4352-1-0x00000000021C0000-0x00000000021C2000-memory.dmp

Filesize
8KB

Download
memory/4352-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download