6456be4321465dbd715568ca4bda48c1c7674c08ad291b18c1cb0c183f63e028

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 08:46

Target

6456be4321465dbd715568ca4bda48c1c7674c08ad291b18c1cb0c183f63e028.exe
Size

3.8MB
MD5

bae9a139a2062c3e3b42c9c6845ce252
SHA1

d8996c034c02759b858affb432ffb6f4c9ef759a
SHA256

6456be4321465dbd715568ca4bda48c1c7674c08ad291b18c1cb0c183f63e028
SHA512

d304438906ca763ae3346fcec7f60508fade1116d0dcc94ccbd9cf16523dc8d084e23ab63baa12a5a739d05e0e23bd923c7c1cd6435b08191e1c12b57c540f5f
SSDEEP

49152:+fisGyCc38nMKTBoeANyvTDNpwP/T0hS1idvMd81XWrWC7WA94UQX:XsKc33ydwTv0F1Z

Score

3^/10

Program crash 5 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
3240	944	WerFault.exe	6456be4321465dbd715568ca4bda48c1c7674c08ad291b18c1cb0c183f63e028.exe
2876	944	WerFault.exe	6456be4321465dbd715568ca4bda48c1c7674c08ad291b18c1cb0c183f63e028.exe
2600	944	WerFault.exe	6456be4321465dbd715568ca4bda48c1c7674c08ad291b18c1cb0c183f63e028.exe
1872	944	WerFault.exe	6456be4321465dbd715568ca4bda48c1c7674c08ad291b18c1cb0c183f63e028.exe
4332	944	WerFault.exe	6456be4321465dbd715568ca4bda48c1c7674c08ad291b18c1cb0c183f63e028.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

6456be4321465dbd715568ca4bda48c1c7674c08ad291b18c1cb0c183f63e028.exe

pid process

944 6456be4321465dbd715568ca4bda48c1c7674c08ad291b18c1cb0c183f63e028.exe

pid	process
944	6456be4321465dbd715568ca4bda48c1c7674c08ad291b18c1cb0c183f63e028.exe

C:\Users\Admin\AppData\Local\Temp\6456be4321465dbd715568ca4bda48c1c7674c08ad291b18c1cb0c183f63e028.exe
"C:\Users\Admin\AppData\Local\Temp\6456be4321465dbd715568ca4bda48c1c7674c08ad291b18c1cb0c183f63e028.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 1744
2⤵
- Program crash
PID:3240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 1612
2⤵
- Program crash
PID:2876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 1496
2⤵
- Program crash
PID:2600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 1564
2⤵
- Program crash
PID:1872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 752
2⤵
- Program crash
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 944 -ip 944
1⤵
PID:2992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 944 -ip 944
1⤵
PID:1332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 944 -ip 944
1⤵
PID:1776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 944 -ip 944
1⤵
PID:728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 944 -ip 944
1⤵
PID:4300

memory/944-9-0x0000000000400000-0x00000000007C8000-memory.dmp

Filesize
3.8MB

Download
memory/944-10-0x0000000074080000-0x00000000741FB000-memory.dmp

Filesize
1.5MB

Download