490e033865350470d7edcb5aae610e3d89a1c3d5754efde517a75c3130d1596c

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 14:16

Target

490e033865350470d7edcb5aae610e3d89a1c3d5754efde517a75c3130d1596c.exe
Size

1010KB
MD5

56d9c71592654962c604e4b174b89765
SHA1

4a01911a00fa8898279f24564863cd87a08076d1
SHA256

490e033865350470d7edcb5aae610e3d89a1c3d5754efde517a75c3130d1596c
SHA512

e508dba6cc21476a50422e00902721ac3f984137858b017bcef15bad23a6238b5b1b4225318a25cf78216249cd0173c77c91d9f5142a9cabb12e812d635b0278
SSDEEP

24576:YAHnh+eWsN3skA4RV1Hom2KXMmHaou4l/WAcpm5:fh+ZkldoPK8YaoRLcC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1800	2624	WerFault.exe	83

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2624	490e033865350470d7edcb5aae610e3d89a1c3d5754efde517a75c3130d1596c.exe
2624	490e033865350470d7edcb5aae610e3d89a1c3d5754efde517a75c3130d1596c.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2624	490e033865350470d7edcb5aae610e3d89a1c3d5754efde517a75c3130d1596c.exe
2624	490e033865350470d7edcb5aae610e3d89a1c3d5754efde517a75c3130d1596c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 2016	2624	490e033865350470d7edcb5aae610e3d89a1c3d5754efde517a75c3130d1596c.exe	86
PID 2624 wrote to memory of 2016	2624	490e033865350470d7edcb5aae610e3d89a1c3d5754efde517a75c3130d1596c.exe	86
PID 2624 wrote to memory of 2016	2624	490e033865350470d7edcb5aae610e3d89a1c3d5754efde517a75c3130d1596c.exe	86

C:\Users\Admin\AppData\Local\Temp\490e033865350470d7edcb5aae610e3d89a1c3d5754efde517a75c3130d1596c.exe
"C:\Users\Admin\AppData\Local\Temp\490e033865350470d7edcb5aae610e3d89a1c3d5754efde517a75c3130d1596c.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  "C:\Users\Admin\AppData\Local\Temp\490e033865350470d7edcb5aae610e3d89a1c3d5754efde517a75c3130d1596c.exe"
  2⤵
  PID:2016
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 648
  2⤵
  - Program crash
  PID:1800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2624 -ip 2624
1⤵
PID:2948

memory/2624-10-0x0000000001000000-0x0000000001004000-memory.dmp

Filesize
16KB

Download