61f6292c090b98f23f5a1d287e2033d24be834caae0f663234912b0bc4331536

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 11:38

Target

x2wg01JC/Qkt9goL5H.exe
Size

125KB
MD5

1b86e7f23393360f0257228745cd77d2
SHA1

ae28f155181d942ed4fdd6f59d4f452cce940320
SHA256

1ad6c4e0c4959acf66fec67c5c34c6e6bd034661972954f27fd9df8a07539569
SHA512

799209aa6136ec71e42ef937f25d8209b66c955b25ab2031928931f19af823df26b15ed6b6d2ab098d9283e2ed964fe6f6af9e9ea6b08f5831bbab463bf589bf
SSDEEP

3072:yt2IhJW9KaY3gc4AXcItYamdfduUQcJClt83p02K/5ySVF:1IzyKHaAFYtiUQaBw5ygF

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2124	4792	WerFault.exe	84

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4792	Qkt9goL5H.exe
4792	Qkt9goL5H.exe

C:\Users\Admin\AppData\Local\Temp\x2wg01JC\Qkt9goL5H.exe
"C:\Users\Admin\AppData\Local\Temp\x2wg01JC\Qkt9goL5H.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4792
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 388
  2⤵
  - Program crash
  PID:2124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4792 -ip 4792
1⤵
PID:1604

memory/4792-0-0x00000000753AD000-0x000000007562F000-memory.dmp

Filesize
2.5MB

Download
memory/4792-2-0x0000000075390000-0x0000000075AD8000-memory.dmp

Filesize
7.3MB

Download
memory/4792-5-0x0000000075390000-0x0000000075AD8000-memory.dmp

Filesize
7.3MB

Download
memory/4792-1-0x0000000000BD0000-0x0000000000BD1000-memory.dmp

Filesize
4KB

Download
memory/4792-6-0x0000000075390000-0x0000000075AD8000-memory.dmp

Filesize
7.3MB

Download
memory/4792-7-0x00000000753AD000-0x000000007562F000-memory.dmp

Filesize
2.5MB

Download