5b55b4f27bcd38528b929b78d8a3dbe6f1d687dd98c78c04d41804110fd6ed5c

Analysis

max time kernel
136s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28-01-2024 22:47

Target

7e349723101160058b16361d1614e6b8.exe
Size

278KB
MD5

7e349723101160058b16361d1614e6b8
SHA1

4e1f6fd68f4cd9a5ac6ed117bf2bee72f46550cd
SHA256

5b55b4f27bcd38528b929b78d8a3dbe6f1d687dd98c78c04d41804110fd6ed5c
SHA512

91275149e1df8557a78f9350db50479592ef0815a8e5eea4e06b4275989b590fa4757c85b328648a1de47628c0670a31b46fb390f1bc51e0fbac2d547bf3a168
SSDEEP

6144:e9JQakvfexhvtaxyKS9OzZTfyifgEp2Xt28AdFURMz/EzYF3FvRgmV:SJQt2FogMavXtsYRMz/E8Zh5

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3656	1088	WerFault.exe	82
2040	1088	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 3656	1088	7e349723101160058b16361d1614e6b8.exe	85
PID 1088 wrote to memory of 3656	1088	7e349723101160058b16361d1614e6b8.exe	85
PID 1088 wrote to memory of 3656	1088	7e349723101160058b16361d1614e6b8.exe	85

C:\Users\Admin\AppData\Local\Temp\7e349723101160058b16361d1614e6b8.exe
"C:\Users\Admin\AppData\Local\Temp\7e349723101160058b16361d1614e6b8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 224
  2⤵
  - Program crash
  PID:3656
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 224
  2⤵
  - Program crash
  PID:2040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 1088 -ip 1088
1⤵
PID:2440

memory/1088-0-0x0000000000400000-0x0000000000551200-memory.dmp

Filesize
1.3MB

Download
memory/1088-1-0x0000000000400000-0x0000000000551200-memory.dmp

Filesize
1.3MB

Download