0bcccf1737d0879c490a4769bf80d80b33c9d0cc6fe014862f88411ae35d500d

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
15-09-2022 23:24

Target

file.exe
Size

247KB
MD5

95e21e08113fa1ee861e09172fc3b320
SHA1

bc96895c1924a58c0aa41252633ab447e0fdd979
SHA256

0bcccf1737d0879c490a4769bf80d80b33c9d0cc6fe014862f88411ae35d500d
SHA512

ca0cb250aaf9befeb1dd2529b8b4b9a72c71ae5925bd4cd9e0608994d271d87273fb81bb5977d2acaeb7a79a5149d3923d9f0875c4d57374d721a08b8cf9ba7f
SSDEEP

6144:jighTBjzf+vi1OJ+Zdf3EzZv2jZGY93Mxg4S:RT/iEtoxg7

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

file.exe

description pid process target process

PID 1988 set thread context of 1632 1988 file.exe file.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1452 1632 WerFault.exe file.exe

description	pid	process	target process
PID 1988 set thread context of 1632	1988	file.exe	file.exe

pid	pid_target	process	target process
1452	1632	WerFault.exe	file.exe

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

file.exefile.exe

description	pid	process	target process
PID 1988 wrote to memory of 1632	1988	file.exe	file.exe
PID 1988 wrote to memory of 1632	1988	file.exe	file.exe
PID 1988 wrote to memory of 1632	1988	file.exe	file.exe
PID 1988 wrote to memory of 1632	1988	file.exe	file.exe
PID 1988 wrote to memory of 1632	1988	file.exe	file.exe
PID 1988 wrote to memory of 1632	1988	file.exe	file.exe
PID 1988 wrote to memory of 1632	1988	file.exe	file.exe
PID 1988 wrote to memory of 1632	1988	file.exe	file.exe
PID 1988 wrote to memory of 1632	1988	file.exe	file.exe
PID 1988 wrote to memory of 1632	1988	file.exe	file.exe
PID 1632 wrote to memory of 1452	1632	file.exe	WerFault.exe
PID 1632 wrote to memory of 1452	1632	file.exe	WerFault.exe
PID 1632 wrote to memory of 1452	1632	file.exe	WerFault.exe
PID 1632 wrote to memory of 1452	1632	file.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 96
3⤵
- Program crash
PID:1452

memory/1452-73-0x0000000000000000-mapping.dmp

Download
memory/1632-55-0x0000000000070000-0x00000000000A2000-memory.dmp

Filesize
200KB

Download
memory/1632-56-0x0000000000070000-0x00000000000A2000-memory.dmp

Filesize
200KB

Download
memory/1632-58-0x0000000000070000-0x00000000000A2000-memory.dmp

Filesize
200KB

Download
memory/1632-60-0x0000000000070000-0x00000000000A2000-memory.dmp

Filesize
200KB

Download
memory/1632-62-0x0000000000070000-0x00000000000A2000-memory.dmp

Filesize
200KB

Download
memory/1632-65-0x00000000000913CA-mapping.dmp

Download
memory/1632-64-0x0000000000070000-0x00000000000A2000-memory.dmp

Filesize
200KB

Download
memory/1632-69-0x0000000000070000-0x00000000000A2000-memory.dmp

Filesize
200KB

Download
memory/1632-72-0x0000000000070000-0x00000000000A2000-memory.dmp

Filesize
200KB

Download
memory/1988-54-0x0000000000E60000-0x0000000000EA1000-memory.dmp

Filesize
260KB

Download