6935d7a89ebec2142bbee568e6da7f94f70603fa1f764950d3f1189e0ae260fb

Analysis

max time kernel
136s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 15:47

Target

c9014b4c4dcb7553991bd2030aaf4ca0.exe
Size

580KB
MD5

c9014b4c4dcb7553991bd2030aaf4ca0
SHA1

bd6048ba496cbdf80bf6ecc8df522c48baa699af
SHA256

6935d7a89ebec2142bbee568e6da7f94f70603fa1f764950d3f1189e0ae260fb
SHA512

bee70fdcb11b590cb855331215966f732040493686321f05e5b406259435fb71387156d6c594f735765d19326bd3d09d6bf0f590de9c07715e3796ab0373904a
SSDEEP

12288:5itGaOkRs1rtlPswwIIhAics0F+clTB1BJ7jxLlQ:UGvk8rtl0NIICics0FNHXHxLlQ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4596	2292	WerFault.exe	90

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 840	2292	c9014b4c4dcb7553991bd2030aaf4ca0.exe	91
PID 2292 wrote to memory of 840	2292	c9014b4c4dcb7553991bd2030aaf4ca0.exe	91
PID 2292 wrote to memory of 840	2292	c9014b4c4dcb7553991bd2030aaf4ca0.exe	91

C:\Users\Admin\AppData\Local\Temp\c9014b4c4dcb7553991bd2030aaf4ca0.exe
"C:\Users\Admin\AppData\Local\Temp\c9014b4c4dcb7553991bd2030aaf4ca0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Users\Admin\AppData\Local\Temp\c9014b4c4dcb7553991bd2030aaf4ca0.exe
  "C:\Users\Admin\AppData\Local\Temp\c9014b4c4dcb7553991bd2030aaf4ca0.exe"
  2⤵
  PID:840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 328
  2⤵
  - Program crash
  PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2292 -ip 2292
1⤵
PID:4932

memory/2292-1-0x00000000000A0000-0x00000000001A0000-memory.dmp

Filesize
1024KB

Download
memory/2292-2-0x0000000003820000-0x0000000003822000-memory.dmp

Filesize
8KB

Download