101ff63e0bc829029faeba8f27d3ee23b7e8b10d23298952db3e4f2c37036e65

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2024 15:16

Target

56cf061c67af8ca29adcd17d2b0aca37.exe
Size

562KB
MD5

56cf061c67af8ca29adcd17d2b0aca37
SHA1

ad3cef9622d1c71e8ba24211da638eed4551b825
SHA256

101ff63e0bc829029faeba8f27d3ee23b7e8b10d23298952db3e4f2c37036e65
SHA512

69599b926b5b751ffd6fba37a6e7382bc452bbbd40cbc5dd2855ee277132352ff1863dc53bbef565c7f312ed3ec8edd4da62671c21c5c3e471f02feec788707c
SSDEEP

6144:Wwi95fk/6/3ZAJSn6rXofxu+UEyYSzdlJRCP3n6x2qX4/eohM5rM1N7OkZvgUNM2:WDCC3xu+Jyvdx2qo/05rM1zOdzXaFj7

Score

3^/10

Program crash 3 IoCs

pid	pid_target	Process	procid_target
5040	384	WerFault.exe	86
3648	3036	WerFault.exe	95
3772	4188	WerFault.exe	96

Suspicious use of UnmapMainImage 3 IoCs

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 384 wrote to memory of 3036	384	56cf061c67af8ca29adcd17d2b0aca37.exe	95
PID 384 wrote to memory of 3036	384	56cf061c67af8ca29adcd17d2b0aca37.exe	95
PID 384 wrote to memory of 3036	384	56cf061c67af8ca29adcd17d2b0aca37.exe	95
PID 384 wrote to memory of 4188	384	56cf061c67af8ca29adcd17d2b0aca37.exe	96
PID 384 wrote to memory of 4188	384	56cf061c67af8ca29adcd17d2b0aca37.exe	96
PID 384 wrote to memory of 4188	384	56cf061c67af8ca29adcd17d2b0aca37.exe	96

C:\Users\Admin\AppData\Local\Temp\56cf061c67af8ca29adcd17d2b0aca37.exe
"C:\Users\Admin\AppData\Local\Temp\56cf061c67af8ca29adcd17d2b0aca37.exe"
1⤵
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:384
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 596
  2⤵
  - Program crash
  PID:5040
- C:\Users\Admin\AppData\Local\Temp\56cf061c67af8ca29adcd17d2b0aca37.exe
  start
  2⤵
  - Suspicious use of UnmapMainImage
  PID:3036
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 556
    3⤵
    - Program crash
    PID:3648
- C:\Users\Admin\AppData\Local\Temp\56cf061c67af8ca29adcd17d2b0aca37.exe
  watch
  2⤵
  - Suspicious use of UnmapMainImage
  PID:4188
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 564
    3⤵
    - Program crash
    PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 384 -ip 384
1⤵
PID:2188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3036 -ip 3036
1⤵
PID:3132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4188 -ip 4188
1⤵
PID:2820

memory/384-0-0x00000000021F0000-0x000000000220F000-memory.dmp

Filesize
124KB

Download
memory/384-1-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/384-2-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3036-3-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3036-5-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4188-4-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4188-6-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download