a505c17117d77b38d502a1386392c94ed32d559819a5106de1bda80516d976ef

Analysis

max time kernel
139s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:04

Target

a505c17117d77b38d502a1386392c94ed32d559819a5106de1bda80516d976ef.exe
Size

1.2MB
MD5

cb04e4165970dbd63faf5741f0029684
SHA1

078fd9a302c529336f8abea032eb3b5c4f911242
SHA256

a505c17117d77b38d502a1386392c94ed32d559819a5106de1bda80516d976ef
SHA512

65c0b0fdb31067cb1501f49f5da7d66a71bdbb0936c857347ab826e2692035435ccd2cac33998b18b5931e0dcd937e8c2a80bb61b24d816c39e75b2354f8c9bd
SSDEEP

24576:YAHnh+eWsN3skA4RV1Hom2KXMmHaQ7gmDCeBxWTdlRIz5:fh+ZkldoPK8YaIgmHLWTvK

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3340 2644 WerFault.exe a505c17117d77b38d502a1386392c94ed32d559819a5106de1bda80516d976ef.exe
Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

a505c17117d77b38d502a1386392c94ed32d559819a5106de1bda80516d976ef.exe

pid process

2644 a505c17117d77b38d502a1386392c94ed32d559819a5106de1bda80516d976ef.exe

pid	pid_target	process	target process
3340	2644	WerFault.exe	a505c17117d77b38d502a1386392c94ed32d559819a5106de1bda80516d976ef.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

a505c17117d77b38d502a1386392c94ed32d559819a5106de1bda80516d976ef.exe

pid	process
2644	a505c17117d77b38d502a1386392c94ed32d559819a5106de1bda80516d976ef.exe
2644	a505c17117d77b38d502a1386392c94ed32d559819a5106de1bda80516d976ef.exe

Suspicious use of SendNotifyMessage 2 IoCs

Processes:

a505c17117d77b38d502a1386392c94ed32d559819a5106de1bda80516d976ef.exe

pid	process
2644	a505c17117d77b38d502a1386392c94ed32d559819a5106de1bda80516d976ef.exe
2644	a505c17117d77b38d502a1386392c94ed32d559819a5106de1bda80516d976ef.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

a505c17117d77b38d502a1386392c94ed32d559819a5106de1bda80516d976ef.exe

description	pid	process	target process
PID 2644 wrote to memory of 2408	2644	a505c17117d77b38d502a1386392c94ed32d559819a5106de1bda80516d976ef.exe	svchost.exe
PID 2644 wrote to memory of 2408	2644	a505c17117d77b38d502a1386392c94ed32d559819a5106de1bda80516d976ef.exe	svchost.exe
PID 2644 wrote to memory of 2408	2644	a505c17117d77b38d502a1386392c94ed32d559819a5106de1bda80516d976ef.exe	svchost.exe

C:\Windows\SysWOW64\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\a505c17117d77b38d502a1386392c94ed32d559819a5106de1bda80516d976ef.exe"
2⤵
PID:2408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 736
2⤵
- Program crash
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2644 -ip 2644
1⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\aut4A57.tmp

Filesize
268KB

MD5
b108d89a92c27349d5f10c5c85371940

SHA1
8ebdbe3f9b47aca1df1dac9b45038740bacdd4e8

SHA256
c155ed4f0f7ad8eb0ededb57b0c88113ba5bb11d22274d46d8cc16db136a6be0

SHA512
95b1164c67d38f7e645fd2e39fcf948967ee3d2f2a9f2fd384eb86a3079d05a079c001b44c6c8198217e780e67779e7d1314ac1ff07f910163ee993b1c750bb2

Download Submit
memory/2644-12-0x0000000000DE0000-0x0000000000DE4000-memory.dmp

Filesize
16KB

Download