98caa178e5a7d59366aabee7b4249b549e52ad6eaaf379f0c0e2998166d23331

Analysis

max time kernel
103s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 21:01

Target

0d980fdbd4898f6043aee5fc00c74360N.exe
Size

274KB
MD5

0d980fdbd4898f6043aee5fc00c74360
SHA1

970ba4d592ea3228f4eaa067f3db8a349bbc0651
SHA256

98caa178e5a7d59366aabee7b4249b549e52ad6eaaf379f0c0e2998166d23331
SHA512

8a5ed5e5b914bc62203b97afad491738686c1da989ebf0e578b30b705ca302b24149404114e67922b7e9ffc878777817cd7a541b8f6c91781e2b71665cf217d8
SSDEEP

3072:4HdsfaWLPaKjcvRNM+R/ZdgYbKMvuKr2DprQ6A9IZGnG6agA0YWxuR6kocnlLBtS:adeWIcfBdPJxmprACZGnGls0xfsLP

Score

7^/10

Deletes itself 1 IoCs

pid	Process
3384	0d980fdbd4898f6043aee5fc00c74360N.exe

Executes dropped EXE 1 IoCs

pid	Process
3384	0d980fdbd4898f6043aee5fc00c74360N.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
4264	4328	WerFault.exe	83
1212	3384	WerFault.exe	91
464	3384	WerFault.exe	91

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4328	0d980fdbd4898f6043aee5fc00c74360N.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 3384	4328	0d980fdbd4898f6043aee5fc00c74360N.exe	91
PID 4328 wrote to memory of 3384	4328	0d980fdbd4898f6043aee5fc00c74360N.exe	91
PID 4328 wrote to memory of 3384	4328	0d980fdbd4898f6043aee5fc00c74360N.exe	91

C:\Users\Admin\AppData\Local\Temp\0d980fdbd4898f6043aee5fc00c74360N.exe
"C:\Users\Admin\AppData\Local\Temp\0d980fdbd4898f6043aee5fc00c74360N.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 396
  2⤵
  - Program crash
  PID:4264
- C:\Users\Admin\AppData\Local\Temp\0d980fdbd4898f6043aee5fc00c74360N.exe
  C:\Users\Admin\AppData\Local\Temp\0d980fdbd4898f6043aee5fc00c74360N.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:3384
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 368
    3⤵
    - Program crash
    PID:1212
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 172
    3⤵
    - Program crash
    PID:464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4328 -ip 4328
1⤵
PID:3508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3384 -ip 3384
1⤵
PID:456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3384 -ip 3384
1⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\0d980fdbd4898f6043aee5fc00c74360N.exe

Filesize
274KB

MD5
813febe3bbe33a2db738dbbc5ed3ecc5

SHA1
af24783305d0623b3ca0a216b0a1208f571747ed

SHA256
1702982f3a054282df6d86002f0679ba7e5774db6da6a8afa54a710bfe3932bf

SHA512
f35bf691632df1b80dda57dec9f015d6dfb8c4049e25506ff5b6aae386bf851a53e3f8afef6c80ec60f5254940a2cd1263b630a11cbfb9596bb7d05b6a5158ef

Download Submit
memory/3384-8-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/3384-9-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/3384-10-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/4328-0-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/4328-7-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download