d254826085eaada20b9ab3803fdf88d2326ffcb2e90b36d3fbb129fce1cfed5a

Analysis

max time kernel
139s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 09:55

Target

d5d26738ed73d191556fc5640b43ed39.exe
Size

743KB
MD5

d5d26738ed73d191556fc5640b43ed39
SHA1

eaec7a86cbe18f9eb5099ca390e43562701f6d29
SHA256

d254826085eaada20b9ab3803fdf88d2326ffcb2e90b36d3fbb129fce1cfed5a
SHA512

475c358c8353daac6efe9212bc649ce22197d38f32e6d63543896f77d420ca50717468e32b92dd975d685ef193624ee96bcac958da6265658748ed483f454529
SSDEEP

12288:I1Wl8T5+M63xjmevfUu+2EYhsJZ2uEYpplNw:IA24dx0Yrmps

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3132	1884	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1884 wrote to memory of 4708	1884	d5d26738ed73d191556fc5640b43ed39.exe	91
PID 1884 wrote to memory of 4708	1884	d5d26738ed73d191556fc5640b43ed39.exe	91
PID 1884 wrote to memory of 4708	1884	d5d26738ed73d191556fc5640b43ed39.exe	91

C:\Users\Admin\AppData\Local\Temp\d5d26738ed73d191556fc5640b43ed39.exe
"C:\Users\Admin\AppData\Local\Temp\d5d26738ed73d191556fc5640b43ed39.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1884
- C:\Users\Admin\AppData\Local\Temp\d5d26738ed73d191556fc5640b43ed39.exe
  "C:\Users\Admin\AppData\Local\Temp\d5d26738ed73d191556fc5640b43ed39.exe"
  2⤵
  PID:4708
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 420
  2⤵
  - Program crash
  PID:3132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1884 -ip 1884
1⤵
PID:3136

memory/1884-1-0x0000000000760000-0x0000000000762000-memory.dmp

Filesize
8KB

Download
memory/1884-0-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/1884-2-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download