8493bf4b520a841422a4ead2b59c042a0683d36d9ca4efb4cdc9c294e60cf592

Analysis

max time kernel
163s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 21:34

Target

8493bf4b520a841422a4ead2b59c042a0683d36d9ca4efb4cdc9c294e60cf592.exe
Size

576KB
MD5

a354b62bd12652d0b59ec06d593456c5
SHA1

3167bfde3e3d6618f38624a62e82c3f28aeacc0d
SHA256

8493bf4b520a841422a4ead2b59c042a0683d36d9ca4efb4cdc9c294e60cf592
SHA512

5af71fcba03336dfd44a063071c9866f72e4b5e02830824dff5b3a945d9c83dcbe377d60a4799e84f8c34e05993005445001925daea44206704539298bdfbd76
SSDEEP

12288:8eXq3tnI1J54cYTREylX6D9d9pA6etej3uC+IOJ5DF:vgI141FngZKnJpF

Score

7^/10

Deletes itself 1 IoCs

pid	Process
4576	8493bf4b520a841422a4ead2b59c042a0683d36d9ca4efb4cdc9c294e60cf592.exe

Executes dropped EXE 1 IoCs

pid	Process
4576	8493bf4b520a841422a4ead2b59c042a0683d36d9ca4efb4cdc9c294e60cf592.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
4488	4576	WerFault.exe	101
1664	4576	WerFault.exe	101
564	4576	WerFault.exe	101
3320	4576	WerFault.exe	101

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4856	8493bf4b520a841422a4ead2b59c042a0683d36d9ca4efb4cdc9c294e60cf592.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
4576	8493bf4b520a841422a4ead2b59c042a0683d36d9ca4efb4cdc9c294e60cf592.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 4576	4856	8493bf4b520a841422a4ead2b59c042a0683d36d9ca4efb4cdc9c294e60cf592.exe	101
PID 4856 wrote to memory of 4576	4856	8493bf4b520a841422a4ead2b59c042a0683d36d9ca4efb4cdc9c294e60cf592.exe	101
PID 4856 wrote to memory of 4576	4856	8493bf4b520a841422a4ead2b59c042a0683d36d9ca4efb4cdc9c294e60cf592.exe	101

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4856 -ip 4856
1⤵
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3696 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4576 -ip 4576
1⤵
PID:2104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4576 -ip 4576
1⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4576 -ip 4576
1⤵
PID:2976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4576 -ip 4576
1⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\8493bf4b520a841422a4ead2b59c042a0683d36d9ca4efb4cdc9c294e60cf592.exe

Filesize
576KB

MD5
fd25215e25978f751b76744c9a27eb12

SHA1
869de2b552622e48afece693ed22fce123ec729c

SHA256
488cdb869e410cb76453a8e0ddc003e74c3265f544f7e2b9d80d4c3a5dd10409

SHA512
f0971c95b0ec5bdfe57ac9ac762b481ebdfd60d2895b337c03619931c4ba74dbfbec309de864fd8a1ba6b61ff3270f65efb21ec2a2a13050f31c9afc8119a83a

Download Submit
memory/4576-7-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4576-8-0x00000000014C0000-0x00000000014F6000-memory.dmp

Filesize
216KB

Download
memory/4576-9-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4856-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4856-6-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download