82137775a74b4ee9456e1fc73e4dc89f78d25dee1c4d3990df95570124ad439b

Analysis

max time kernel
92s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15/01/2024, 04:13

Target

5c1a933f916891911ab6d69a65d0d855.exe
Size

576KB
MD5

5c1a933f916891911ab6d69a65d0d855
SHA1

37aa46c9b8d8e9475d6029d57be31f47409d4726
SHA256

82137775a74b4ee9456e1fc73e4dc89f78d25dee1c4d3990df95570124ad439b
SHA512

2f3b63ef9341d467ed6e4c76152460620ec92a2996881f6f8f6cc6660ddcfa3bca66fd07d6a76dd0cea5210327c5a875442e7e295e7bd474ead7c148538aac8b
SSDEEP

12288:Irf0P3HD5Y+nvGtCsA/Rm2UGWGMqY2u3WUmVKeWe:XP3H1YEvzAAcW7KeF

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2556	4872	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 3536	4872	5c1a933f916891911ab6d69a65d0d855.exe	85
PID 4872 wrote to memory of 3536	4872	5c1a933f916891911ab6d69a65d0d855.exe	85
PID 4872 wrote to memory of 3536	4872	5c1a933f916891911ab6d69a65d0d855.exe	85

C:\Users\Admin\AppData\Local\Temp\5c1a933f916891911ab6d69a65d0d855.exe
"C:\Users\Admin\AppData\Local\Temp\5c1a933f916891911ab6d69a65d0d855.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Users\Admin\AppData\Local\Temp\5c1a933f916891911ab6d69a65d0d855.exe
  "C:\Users\Admin\AppData\Local\Temp\5c1a933f916891911ab6d69a65d0d855.exe"
  2⤵
  PID:3536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 520
  2⤵
  - Program crash
  PID:2556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4872 -ip 4872
1⤵
PID:3784

memory/4872-0-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/4872-1-0x00000000005F0000-0x00000000005F2000-memory.dmp

Filesize
8KB

Download