c76150aa5cddede3437c7c4910fe92538692b9bced71f23f042fb2034c343e7b

Analysis

max time kernel
104s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 05:36

Target

5c529bc96fa589c436020dddc5738da0N.exe
Size

2.0MB
MD5

5c529bc96fa589c436020dddc5738da0
SHA1

c07de5a28f8971c9611f3907879f8a6737b16709
SHA256

c76150aa5cddede3437c7c4910fe92538692b9bced71f23f042fb2034c343e7b
SHA512

185f56132e4f64951c12ff3446aabf6c17fada2bec53f551c1136a70e757f1ddc795ba8ea723b3c24779da461c997a93e2187c6192815cd7a51fd125f069bd67
SSDEEP

24576:ISGeep/v7aWXla/ZS2JovBYzJLVxZITvKMMMvQAM2BYRcBoA1/LhAggkesqOBGhh:+lpvn1gnLqrXgr

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2960	5c529bc96fa589c436020dddc5738da0N.exe

Executes dropped EXE 1 IoCs

pid	Process
2960	5c529bc96fa589c436020dddc5738da0N.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2280	2904	WerFault.exe	83
3028	2960	WerFault.exe	91
1360	2960	WerFault.exe	91

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2904	5c529bc96fa589c436020dddc5738da0N.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2960	5c529bc96fa589c436020dddc5738da0N.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2960	2904	5c529bc96fa589c436020dddc5738da0N.exe	91
PID 2904 wrote to memory of 2960	2904	5c529bc96fa589c436020dddc5738da0N.exe	91
PID 2904 wrote to memory of 2960	2904	5c529bc96fa589c436020dddc5738da0N.exe	91

C:\Users\Admin\AppData\Local\Temp\5c529bc96fa589c436020dddc5738da0N.exe
"C:\Users\Admin\AppData\Local\Temp\5c529bc96fa589c436020dddc5738da0N.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 352
  2⤵
  - Program crash
  PID:2280
- C:\Users\Admin\AppData\Local\Temp\5c529bc96fa589c436020dddc5738da0N.exe
  C:\Users\Admin\AppData\Local\Temp\5c529bc96fa589c436020dddc5738da0N.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2960
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 344
    3⤵
    - Program crash
    PID:3028
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 344
    3⤵
    - Program crash
    PID:1360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 2904 -ip 2904
1⤵
PID:2912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 2960 -ip 2960
1⤵
PID:1528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2960 -ip 2960
1⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\5c529bc96fa589c436020dddc5738da0N.exe

Filesize
2.0MB

MD5
fea9096d2efe8d638c9037b747f194d6

SHA1
0cb926eb82c4adb0acabbcaeb789691102b31b58

SHA256
6ecc3e067dd9c4e971cd36f37fb551cce31c8286f41d4c7f60d66755a14d86bf

SHA512
cbc22504fce449b03b037d8ec4d7ffcc86f98c860b3103d2b724863dc41f744b718b7ead1fd0dd7a79e374ec3a7f59f5cc2db3d60afb381565519996c9a64016

Download Submit
memory/2904-0-0x0000000000400000-0x00000000004EE000-memory.dmp

Filesize
952KB

Download
memory/2904-6-0x0000000000400000-0x00000000004EE000-memory.dmp

Filesize
952KB

Download
memory/2960-7-0x0000000000400000-0x00000000004EE000-memory.dmp

Filesize
952KB

Download
memory/2960-8-0x0000000005060000-0x000000000514E000-memory.dmp

Filesize
952KB

Download
memory/2960-9-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download