12f7ffc817f235b4f659100182278496343cd79e53181d0f7e081f3c55896515

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 19:22

Target

51660048d36ba4c7f0f4c1fb2e738461.exe
Size

837KB
MD5

51660048d36ba4c7f0f4c1fb2e738461
SHA1

dbc2131302f5794aa5223571e30dada5a6718b3d
SHA256

12f7ffc817f235b4f659100182278496343cd79e53181d0f7e081f3c55896515
SHA512

a30a5c8406aa52d46b9275d14a1b4fa817dcdaf1c286c1a2936d942d8715d7a958ed759861753f1adfcc343e9932cbd188da51721539ed289b500a3f2e99f575
SSDEEP

24576:OFdd0TTbZ3tI+rXkPE+PZ1itepHnf/GPQq/ozAVABp1:OvdGa+jMPZo49uP9g+AB

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1764	51660048d36ba4c7f0f4c1fb2e738461.tmp

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4632	1764	WerFault.exe
4372	4384	WerFault.exe	14

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4384 wrote to memory of 1764	4384	51660048d36ba4c7f0f4c1fb2e738461.exe	24
PID 4384 wrote to memory of 1764	4384	51660048d36ba4c7f0f4c1fb2e738461.exe	24
PID 4384 wrote to memory of 1764	4384	51660048d36ba4c7f0f4c1fb2e738461.exe	24

C:\Users\Admin\AppData\Local\Temp\51660048d36ba4c7f0f4c1fb2e738461.exe
"C:\Users\Admin\AppData\Local\Temp\51660048d36ba4c7f0f4c1fb2e738461.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4384
- C:\Users\Admin\AppData\Local\Temp\is-AGLUG.tmp\51660048d36ba4c7f0f4c1fb2e738461.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-AGLUG.tmp\51660048d36ba4c7f0f4c1fb2e738461.tmp" /SL5="$40222,814666,148992,C:\Users\Admin\AppData\Local\Temp\51660048d36ba4c7f0f4c1fb2e738461.exe"
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 472
  2⤵
  - Program crash
  PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1764 -ip 1764
1⤵
PID:2064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 396
1⤵
- Program crash
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4384 -ip 4384
1⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\is-AGLUG.tmp\51660048d36ba4c7f0f4c1fb2e738461.tmp

Filesize
61KB

MD5
5e0b2c13aa1c4934c8d2b5905dacac29

SHA1
2dfe171365d9d5015dc7298c1ba9da7d6ac1b60e

SHA256
e7af1542c4354e20641ed1978a36cf84b5f6cbe117f8e705a27d254d52e5ab82

SHA512
ad3bc71aa6ddea00de502604a641b730ecbcdb782a6a4b1a490ce70b5bf18fc5af802e7ab91a3cd7a95cf5b65c68ba9e86cf7e014eb41c37dd036f234a03645a

Download Submit
memory/1764-7-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4384-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4384-3-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4384-8-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download