4d34b942e2a7c58790d6030297b691e2164b64aa1c331c78cba3768cbe946b25

Analysis

max time kernel
92s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 17:51

Target

file.exe
Size

423KB
MD5

39f67f57d267bccc0f9c6f4bc5d75cd4
SHA1

ad75b384ecf80e857082aaa3f297f54e7ec03f70
SHA256

4d34b942e2a7c58790d6030297b691e2164b64aa1c331c78cba3768cbe946b25
SHA512

2b100ab001bce924d603758b1df006ff978628161d075efc7b4c83a8391ca9be134cf02d4ce7f313507eb3c2aca69d6bb9b2565c7485b63448b460b9285be324
SSDEEP

12288:1UH7ILtbAFuKY9tTKZEDM7yL1t+YGUH7Z5f:YItbgLODM81t+3UH7P

Score

3^/10

Program crash 7 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
4660	4272	WerFault.exe	file.exe
436	4272	WerFault.exe	file.exe
3396	4272	WerFault.exe	file.exe
1292	4272	WerFault.exe	file.exe
3516	4272	WerFault.exe	file.exe
968	4272	WerFault.exe	file.exe
4592	4272	WerFault.exe	file.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 564
2⤵
- Program crash
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 572
2⤵
- Program crash
PID:436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 600
2⤵
- Program crash
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 756
2⤵
- Program crash
PID:1292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 1076
2⤵
- Program crash
PID:3516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 1120
2⤵
- Program crash
PID:968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 1104
2⤵
- Program crash
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4272 -ip 4272
1⤵
PID:3100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4272 -ip 4272
1⤵
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4272 -ip 4272
1⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4272 -ip 4272
1⤵
PID:2528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4272 -ip 4272
1⤵
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4272 -ip 4272
1⤵
PID:1048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4272 -ip 4272
1⤵
PID:3948

memory/4272-1-0x0000000002E40000-0x0000000002F40000-memory.dmp

Filesize
1024KB

Download
memory/4272-2-0x00000000049E0000-0x0000000004A56000-memory.dmp

Filesize
472KB

Download
memory/4272-3-0x00000000049E0000-0x0000000004A56000-memory.dmp

Filesize
472KB

Download
memory/4272-4-0x0000000000400000-0x0000000002C17000-memory.dmp

Filesize
40.1MB

Download
memory/4272-5-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/4272-7-0x0000000002E40000-0x0000000002F40000-memory.dmp

Filesize
1024KB

Download
memory/4272-9-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download