81d21cd8c3ee65fb54aec140e15852eb2a312499d68f8a0534adb2090d46fabd

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-04-2024 23:11

Target

81d21cd8c3ee65fb54aec140e15852eb2a312499d68f8a0534adb2090d46fabd.exe
Size

713KB
MD5

0abe1248ff2a10c0197d571dbf89bc8e
SHA1

1ff911dd1db0c846da443f3d7916d85d3950be72
SHA256

81d21cd8c3ee65fb54aec140e15852eb2a312499d68f8a0534adb2090d46fabd
SHA512

e1dfc8b25ae02772ceb8d7f17567c2e981b6a2941e12b5b265590825939910ba155a01d75af7629081c000a968f2b52a324d43057b317345dff2f58f6bd52e63
SSDEEP

12288:lsVgdnD4Rh4YkOEziDOWdzsX2ltIO9pBTgOQVC0LD55uHCzOiEJmc/07ue8N:WVgdnWh4YkOHzz44IO9pBTgOuD55uizo

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1172	1364	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 2284	1364	81d21cd8c3ee65fb54aec140e15852eb2a312499d68f8a0534adb2090d46fabd.exe	88
PID 1364 wrote to memory of 2284	1364	81d21cd8c3ee65fb54aec140e15852eb2a312499d68f8a0534adb2090d46fabd.exe	88
PID 1364 wrote to memory of 2284	1364	81d21cd8c3ee65fb54aec140e15852eb2a312499d68f8a0534adb2090d46fabd.exe	88

C:\Users\Admin\AppData\Local\Temp\81d21cd8c3ee65fb54aec140e15852eb2a312499d68f8a0534adb2090d46fabd.exe
"C:\Users\Admin\AppData\Local\Temp\81d21cd8c3ee65fb54aec140e15852eb2a312499d68f8a0534adb2090d46fabd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Users\Admin\AppData\Local\Temp\81d21cd8c3ee65fb54aec140e15852eb2a312499d68f8a0534adb2090d46fabd.exe
  FAAN
  2⤵
  PID:2284
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 288
  2⤵
  - Program crash
  PID:1172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1364 -ip 1364
1⤵
PID:1136

C:\Users\Admin\AppData\Local\Temp\81d21cd8c3ee65fb54aec140e15852eb2a312499d68f8a0534adb2090d46fabdFAAN

Filesize
4B

MD5
9134669f44c1af0532f613b7508283c4

SHA1
1c2ac638c61bcdbc434fc74649e281bcb1381da2

SHA256
7273854d0e9b34a60907bdde8293415a0f6edd6b8b1ef3957fcabd584be869a2

SHA512
ada8e9c829abcba64641eb0a937c317e2a81494545eaeac4f909395ee739f8b519e331eed7ff67f5960c18029b1a48906f1bcf438f7e3a1e8c13b78fe8aed232

Download Submit
memory/1364-0-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1364-6-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2284-1-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2284-4-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download