2a706a9e4d079bc89dcddb7b9ab7c45f70975781728724ff8c555c40076eb9a0

Analysis

max time kernel
94s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 11:54

Target

d37bff488dfef0a22d17d0eec6517e60N.exe
Size

5.0MB
MD5

d37bff488dfef0a22d17d0eec6517e60
SHA1

f4eabd5bacfc9fb22266988b5a84a59a045dc6ba
SHA256

2a706a9e4d079bc89dcddb7b9ab7c45f70975781728724ff8c555c40076eb9a0
SHA512

c9a5b516f6c00cbd55702cd4db04188805e1fc00481cf82fe4e98965f0d3334f95f8076a5027790032501df17e2a7856d2010ba39e434a7cb33395938e30e9b2
SSDEEP

49152:p8YDVwFx+CgfniXtXIMfX2wGBDDQ/XSHdX4MPXGgYwUyp:p8YDVw9XtWHdC/yp

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2920	d37bff488dfef0a22d17d0eec6517e60N.exe

Executes dropped EXE 1 IoCs

pid	Process
2920	d37bff488dfef0a22d17d0eec6517e60N.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1904	2376	WerFault.exe	82
2316	2920	WerFault.exe	90
2348	2920	WerFault.exe	90

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2376	d37bff488dfef0a22d17d0eec6517e60N.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2920	d37bff488dfef0a22d17d0eec6517e60N.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2920	2376	d37bff488dfef0a22d17d0eec6517e60N.exe	90
PID 2376 wrote to memory of 2920	2376	d37bff488dfef0a22d17d0eec6517e60N.exe	90
PID 2376 wrote to memory of 2920	2376	d37bff488dfef0a22d17d0eec6517e60N.exe	90

C:\Users\Admin\AppData\Local\Temp\d37bff488dfef0a22d17d0eec6517e60N.exe
"C:\Users\Admin\AppData\Local\Temp\d37bff488dfef0a22d17d0eec6517e60N.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 344
  2⤵
  - Program crash
  PID:1904
- C:\Users\Admin\AppData\Local\Temp\d37bff488dfef0a22d17d0eec6517e60N.exe
  C:\Users\Admin\AppData\Local\Temp\d37bff488dfef0a22d17d0eec6517e60N.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2920
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 352
    3⤵
    - Program crash
    PID:2316
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 388
    3⤵
    - Program crash
    PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2376 -ip 2376
1⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2920 -ip 2920
1⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2920 -ip 2920
1⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\d37bff488dfef0a22d17d0eec6517e60N.exe

Filesize
5.0MB

MD5
848d8e1407cec99e84b9f87fb82d3fbd

SHA1
70bc7c9a0bac2124a1fed119e145ed3fdf1739e6

SHA256
c16fa58b7084aeb01bb7af1e768ae089bcaf3b9b6d01d353b711d227ff591c0e

SHA512
fb32bd5a1a95d5aced60222078bb7cd197fd99a21eb78e545544a91aee68087a1038bd93f05bbe569cd8f67cd7e5e9a0075400e9f3ae6925ecea725597ec39c7

Download Submit
memory/2376-0-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/2376-7-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/2920-8-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/2920-9-0x0000000004FF0000-0x00000000050D5000-memory.dmp

Filesize
916KB

Download
memory/2920-10-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download