3e7c493cc1be7a304bb341c49eeb66d10f3a1a62e31fceb098bf80d8b8e6e080

Analysis

max time kernel
158s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 04:21

Target

4f9123159da69d1f04fe7d176e02ed0c.exe
Size

23KB
MD5

4f9123159da69d1f04fe7d176e02ed0c
SHA1

b3d7b919a586938241f31a8b06ad8ec911081de2
SHA256

3e7c493cc1be7a304bb341c49eeb66d10f3a1a62e31fceb098bf80d8b8e6e080
SHA512

7f124bb44c87164c8b9413798ed9825ac576e462927b2090b04cd2ac3a0524c1f71320a61d7dec2c20dd223dd0a4d23f24f74c7b5db436d31e1170aad079303c
SSDEEP

384:rE6wtKQrmtUtsJATklnnEOP5pkXLzrpYc1n2uqsjc3Ah+Dx95JWJlxl9Z9FRC:rE6ZQKtUyJTnEw4XrpYun2uGU+l9cl5K

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3572	3236	WerFault.exe	88
2468	3236	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3236 wrote to memory of 3572	3236	4f9123159da69d1f04fe7d176e02ed0c.exe	93
PID 3236 wrote to memory of 3572	3236	4f9123159da69d1f04fe7d176e02ed0c.exe	93
PID 3236 wrote to memory of 3572	3236	4f9123159da69d1f04fe7d176e02ed0c.exe	93

C:\Users\Admin\AppData\Local\Temp\4f9123159da69d1f04fe7d176e02ed0c.exe
"C:\Users\Admin\AppData\Local\Temp\4f9123159da69d1f04fe7d176e02ed0c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3236
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 224
  2⤵
  - Program crash
  PID:3572
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 224
  2⤵
  - Program crash
  PID:2468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3236 -ip 3236
1⤵
PID:5092

memory/3236-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3236-1-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download