a4fc6ef06617c607c0b4d532e7df102e1dbe7416b28402e214672cbae1188302

Analysis

max time kernel
53s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05-07-2024 18:37

Target

a4fc6ef06617c607c0b4d532e7df102e1dbe7416b28402e214672cbae1188302.exe
Size

2.4MB
MD5

928ecc7808c79c7a4ca63a1730cee20a
SHA1

fb9bedbcb0758af5ec77b248915aba7ab2e3e504
SHA256

a4fc6ef06617c607c0b4d532e7df102e1dbe7416b28402e214672cbae1188302
SHA512

ba6656a5c29873d94c25209558a81a33ce7de897cddd35d2a523e61e03845ff4e7bf77b78ae873ad3a393e2216d37dcc6d0a62a6dc260b663cb5b3af2c143ee7
SSDEEP

49152:Ph+ZkldoPK8YaQtEZgJcZRmAqbsnqS02N/DZ2dVfYSBR:Y2cPK8c1xAqS9DUvY+

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1440 4564 WerFault.exe a4fc6ef06617c607c0b4d532e7df102e1dbe7416b28402e214672cbae1188302.exe

pid	pid_target	process	target process
1440	4564	WerFault.exe	a4fc6ef06617c607c0b4d532e7df102e1dbe7416b28402e214672cbae1188302.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

a4fc6ef06617c607c0b4d532e7df102e1dbe7416b28402e214672cbae1188302.exe

pid	process
4564	a4fc6ef06617c607c0b4d532e7df102e1dbe7416b28402e214672cbae1188302.exe
4564	a4fc6ef06617c607c0b4d532e7df102e1dbe7416b28402e214672cbae1188302.exe

Suspicious use of SendNotifyMessage 2 IoCs

Processes:

a4fc6ef06617c607c0b4d532e7df102e1dbe7416b28402e214672cbae1188302.exe

pid	process
4564	a4fc6ef06617c607c0b4d532e7df102e1dbe7416b28402e214672cbae1188302.exe
4564	a4fc6ef06617c607c0b4d532e7df102e1dbe7416b28402e214672cbae1188302.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

a4fc6ef06617c607c0b4d532e7df102e1dbe7416b28402e214672cbae1188302.exe

description	pid	process	target process
PID 4564 wrote to memory of 4268	4564	a4fc6ef06617c607c0b4d532e7df102e1dbe7416b28402e214672cbae1188302.exe	RegSvcs.exe
PID 4564 wrote to memory of 4268	4564	a4fc6ef06617c607c0b4d532e7df102e1dbe7416b28402e214672cbae1188302.exe	RegSvcs.exe
PID 4564 wrote to memory of 4268	4564	a4fc6ef06617c607c0b4d532e7df102e1dbe7416b28402e214672cbae1188302.exe	RegSvcs.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Users\Admin\AppData\Local\Temp\a4fc6ef06617c607c0b4d532e7df102e1dbe7416b28402e214672cbae1188302.exe"
2⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 728
2⤵
- Program crash
PID:1440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4564 -ip 4564
1⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\aut74E2.tmp
Filesize
1.6MB

MD5
3903ada0ac31eadcf07abac457f50210

SHA1
be0a97cc0d5d7fbe85dca85afe57104a6723ea65

SHA256
7c98ea94b70e5c7dbc5018d4a88e6a66ac88bb9fd97a8c0afb2c40af5cf4975b

SHA512
5fc9fd928471de601f0c7e60b83306deaffe39727cd830db6ddf688e6ec27632c9fd1eeb411568c6fd39dac19efd92c065706d1265f0ce2cc78f31394f97a774

Download Submit
memory/4564-12-0x0000000004070000-0x0000000004074000-memory.dmp

Filesize
16KB

Download