3510aec49416b1e42f8958c4dbd7cf3b8aaa124b2a3d39cfe4829f943f67ac64

Resubmissions

07-07-2022 07:45

25-03-2022 07:12

Target

3048_1647779912_8762.exe
Size

566KB
MD5

556af53c178fa835be6aa971630a23c6
SHA1

f34c646fe356772477d4f2e4226596b8bed40cca
SHA256

3510aec49416b1e42f8958c4dbd7cf3b8aaa124b2a3d39cfe4829f943f67ac64
SHA512

d73979b5f20b1e759d695f55ff046831e715a1efd981f77af6fce572a6717656be60b36805fdb58b50592fc7d7641c8431fb5e946d8f793fb5e45ec1c0f600bc

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

3048_1647779912_8762.exe

description pid process target process

PID 1920 set thread context of 1156 1920 3048_1647779912_8762.exe RegAsm.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1852 1156 WerFault.exe RegAsm.exe

description	pid	process	target process
PID 1920 set thread context of 1156	1920	3048_1647779912_8762.exe	RegAsm.exe

pid	pid_target	process	target process
1852	1156	WerFault.exe	RegAsm.exe

Suspicious use of WriteProcessMemory 18 IoCs

Processes:

3048_1647779912_8762.exeRegAsm.exe

description	pid	process	target process
PID 1920 wrote to memory of 1156	1920	3048_1647779912_8762.exe	RegAsm.exe
PID 1920 wrote to memory of 1156	1920	3048_1647779912_8762.exe	RegAsm.exe
PID 1920 wrote to memory of 1156	1920	3048_1647779912_8762.exe	RegAsm.exe
PID 1920 wrote to memory of 1156	1920	3048_1647779912_8762.exe	RegAsm.exe
PID 1920 wrote to memory of 1156	1920	3048_1647779912_8762.exe	RegAsm.exe
PID 1920 wrote to memory of 1156	1920	3048_1647779912_8762.exe	RegAsm.exe
PID 1920 wrote to memory of 1156	1920	3048_1647779912_8762.exe	RegAsm.exe
PID 1920 wrote to memory of 1156	1920	3048_1647779912_8762.exe	RegAsm.exe
PID 1920 wrote to memory of 1156	1920	3048_1647779912_8762.exe	RegAsm.exe
PID 1920 wrote to memory of 1156	1920	3048_1647779912_8762.exe	RegAsm.exe
PID 1920 wrote to memory of 1156	1920	3048_1647779912_8762.exe	RegAsm.exe
PID 1920 wrote to memory of 1156	1920	3048_1647779912_8762.exe	RegAsm.exe
PID 1920 wrote to memory of 1156	1920	3048_1647779912_8762.exe	RegAsm.exe
PID 1920 wrote to memory of 1156	1920	3048_1647779912_8762.exe	RegAsm.exe
PID 1156 wrote to memory of 1852	1156	RegAsm.exe	WerFault.exe
PID 1156 wrote to memory of 1852	1156	RegAsm.exe	WerFault.exe
PID 1156 wrote to memory of 1852	1156	RegAsm.exe	WerFault.exe
PID 1156 wrote to memory of 1852	1156	RegAsm.exe	WerFault.exe

memory/1156-63-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1156-56-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1156-57-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1156-59-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1156-61-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1156-64-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1156-67-0x0000000000453B8C-mapping.dmp

Download
memory/1156-66-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1156-69-0x0000000075441000-0x0000000075443000-memory.dmp

Filesize
8KB

Download
memory/1156-70-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1852-72-0x0000000000000000-mapping.dmp

Download
memory/1920-55-0x0000000002210000-0x00000000022A2000-memory.dmp

Filesize
584KB

Download
memory/1920-54-0x00000000001A0000-0x0000000000234000-memory.dmp

Filesize
592KB

Download