34c9bc34cb5a4c02c25327b102e0fded899ede2327873730880a4d440568da90

Analysis

max time kernel
464s
max time network
538s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
25-06-2024 16:18

Target

YouAreAnIdiot.zip
Size

231KB
MD5

b1c2963c2b33bd40ccb8d6db87ffe3ad
SHA1

a17bda74e38e108349e7ca2f0e2e0b652b36e356
SHA256

34c9bc34cb5a4c02c25327b102e0fded899ede2327873730880a4d440568da90
SHA512

4211f1f12b4fcb5da4e227f66bf94118d393ef0dca91e983d1e8a32448475d7e1d31bc7301b9c46ce255ea1a41f90804dd7587850d0f242a2993a44f6c0359cf
SSDEEP

6144:vTmrfdG1Arn9rHh9lpQE9CQZwk4jZXMTw/nSlpyE99XUIDh:vEU1ARjjPFwLSwidiI9

Score

3^/10

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1500	1528	WerFault.exe	82
2336	1092	WerFault.exe	88
3416	1876	WerFault.exe	91

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\YouAreAnIdiot.zip
1⤵
PID:5104

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1420

C:\Users\Admin\Desktop\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"
1⤵
PID:1528
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 1452
  2⤵
  - Program crash
  PID:1500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 352 -p 1528 -ip 1528
1⤵
PID:1556

C:\Users\Admin\Desktop\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"
1⤵
PID:1092
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 1424
  2⤵
  - Program crash
  PID:2336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1092 -ip 1092
1⤵
PID:3312

C:\Users\Admin\Desktop\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"
1⤵
PID:1876
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 1424
  2⤵
  - Program crash
  PID:3416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 1876 -ip 1876
1⤵
PID:2912

memory/1528-0-0x000000007431E000-0x000000007431F000-memory.dmp

Filesize
4KB

Download
memory/1528-1-0x0000000000AA0000-0x0000000000B12000-memory.dmp

Filesize
456KB

Download
memory/1528-2-0x00000000054C0000-0x000000000555C000-memory.dmp

Filesize
624KB

Download
memory/1528-3-0x0000000005B10000-0x00000000060B6000-memory.dmp

Filesize
5.6MB

Download
memory/1528-4-0x0000000005560000-0x00000000055F2000-memory.dmp

Filesize
584KB

Download
memory/1528-5-0x0000000005480000-0x000000000548A000-memory.dmp

Filesize
40KB

Download
memory/1528-6-0x00000000057D0000-0x0000000005826000-memory.dmp

Filesize
344KB

Download
memory/1528-7-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/1528-8-0x00000000054B0000-0x00000000054BA000-memory.dmp

Filesize
40KB

Download
memory/1528-9-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download