b281be38a190ca97b700202096f56b29ff68740c0d40273f286e03d52685321e

Analysis

max time kernel
137s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2024 16:04

Target

53f6d4b448f270023ee30f231c53cf5d.exe
Size

486KB
MD5

53f6d4b448f270023ee30f231c53cf5d
SHA1

c58946d81281aa1907c8e31273f67e14f3c8ba3b
SHA256

b281be38a190ca97b700202096f56b29ff68740c0d40273f286e03d52685321e
SHA512

18c08c35498c98545042b21592b6357806626a42c2eca4fb4333104e022696586d907c1b82d31693031cf9abd1b3a319500758e715fbadc7d04c0ea4d3e2bfea
SSDEEP

12288:mxDp/GBC1aNaJ+W3YQyaOfujHwx7Eqi9gPQeuab:mdBGsQN49ozxIqJruw

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1504	2244	WerFault.exe	16

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2244	53f6d4b448f270023ee30f231c53cf5d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 3976	2244	53f6d4b448f270023ee30f231c53cf5d.exe	19
PID 2244 wrote to memory of 3976	2244	53f6d4b448f270023ee30f231c53cf5d.exe	19
PID 2244 wrote to memory of 3976	2244	53f6d4b448f270023ee30f231c53cf5d.exe	19

C:\Users\Admin\AppData\Local\Temp\53f6d4b448f270023ee30f231c53cf5d.exe
"C:\Users\Admin\AppData\Local\Temp\53f6d4b448f270023ee30f231c53cf5d.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Users\Admin\AppData\Local\Temp\53f6d4b448f270023ee30f231c53cf5d.exe
  "C:\Users\Admin\AppData\Local\Temp\53f6d4b448f270023ee30f231c53cf5d.exe"
  2⤵
  PID:3976
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 316
  2⤵
  - Program crash
  PID:1504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2244 -ip 2244
1⤵
PID:32

memory/2244-0-0x0000000000800000-0x0000000000806000-memory.dmp

Filesize
24KB

Download
memory/2244-1-0x0000000002880000-0x0000000002882000-memory.dmp

Filesize
8KB

Download