457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565

Analysis

max time kernel
153s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 00:49

Target

457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe
Size

372KB
MD5

0669e20bc2b7413d6922703062e062c3
SHA1

91d27f75ddfd7b245b6c09f2ecaab8c5ab7e4a11
SHA256

457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565
SHA512

a1c46657e77cd489f9c90672cbb33394066ec54735cb3ca203d4b1e1e1a4aba2177e5d886d1031b8367c674a2f03b0243038ef6f5c607d24f38a94094bda7b38
SSDEEP

6144:pl+Cd34MXtksceFm9aqFKT6Gb8iz/DCaiCJPoel9WenNaH+VJ91sXgpEVGP:K/qksceSYjv+alPoel9/04eAP

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1664 set thread context of 2184	1664	457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe	82

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2608	2184	WerFault.exe	82

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1664	457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2184	1664	457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe	82
PID 1664 wrote to memory of 2184	1664	457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe	82
PID 1664 wrote to memory of 2184	1664	457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe	82
PID 1664 wrote to memory of 2184	1664	457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe	82
PID 1664 wrote to memory of 2184	1664	457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe	82
PID 1664 wrote to memory of 2184	1664	457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe	82
PID 1664 wrote to memory of 2184	1664	457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe	82
PID 1664 wrote to memory of 2184	1664	457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe	82
PID 1664 wrote to memory of 2184	1664	457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe	82
PID 1664 wrote to memory of 2184	1664	457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe	82
PID 1664 wrote to memory of 2184	1664	457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe	82
PID 1664 wrote to memory of 2184	1664	457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe	82
PID 1664 wrote to memory of 2184	1664	457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe	82

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2184 -ip 2184
1⤵
PID:220

memory/1664-132-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1664-133-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1664-134-0x0000000000401000-0x0000000000407000-memory.dmp

Filesize
24KB

Download
memory/1664-135-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1664-142-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1664-138-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2184-140-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2184-141-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2184-143-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2184-144-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2184-145-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2184-146-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download