87cda7b5165fb5a29814f1e43ba18220cbb0e0a2419bff88f305a9aca41fa012

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 01:38

Target

87cda7b5165fb5a29814f1e43ba18220cbb0e0a2419bff88f305a9aca41fa012.exe
Size

160KB
MD5

672c183e3007ba4dc6269467be5beb20
SHA1

56243959249aeacbab3f830850c0173c3c432736
SHA256

87cda7b5165fb5a29814f1e43ba18220cbb0e0a2419bff88f305a9aca41fa012
SHA512

ea5b71a3270508515846d4c4a728eddac971804d4b54b53334ba3b98e46248a4fc7963ebf6805d56737356a611329755b1f1fad18fe0004ddb018ad45a2e0ff4
SSDEEP

3072:jRBdtYRTTUGP9or8+PWCRQOK+zWA+aMk:dU/U78+PNeOKOhM

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2244 set thread context of 364	2244	87cda7b5165fb5a29814f1e43ba18220cbb0e0a2419bff88f305a9aca41fa012.exe	80

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\ozzl7mm.job	87cda7b5165fb5a29814f1e43ba18220cbb0e0a2419bff88f305a9aca41fa012.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
204	2244	WerFault.exe	79

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 364	2244	87cda7b5165fb5a29814f1e43ba18220cbb0e0a2419bff88f305a9aca41fa012.exe	80
PID 2244 wrote to memory of 364	2244	87cda7b5165fb5a29814f1e43ba18220cbb0e0a2419bff88f305a9aca41fa012.exe	80
PID 2244 wrote to memory of 364	2244	87cda7b5165fb5a29814f1e43ba18220cbb0e0a2419bff88f305a9aca41fa012.exe	80
PID 2244 wrote to memory of 364	2244	87cda7b5165fb5a29814f1e43ba18220cbb0e0a2419bff88f305a9aca41fa012.exe	80
PID 2244 wrote to memory of 364	2244	87cda7b5165fb5a29814f1e43ba18220cbb0e0a2419bff88f305a9aca41fa012.exe	80

C:\Users\Admin\AppData\Local\Temp\87cda7b5165fb5a29814f1e43ba18220cbb0e0a2419bff88f305a9aca41fa012.exe
"C:\Users\Admin\AppData\Local\Temp\87cda7b5165fb5a29814f1e43ba18220cbb0e0a2419bff88f305a9aca41fa012.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Users\Admin\AppData\Local\Temp\87cda7b5165fb5a29814f1e43ba18220cbb0e0a2419bff88f305a9aca41fa012.exe
  C:\Users\Admin\AppData\Local\Temp\87cda7b5165fb5a29814f1e43ba18220cbb0e0a2419bff88f305a9aca41fa012.exe
  2⤵
  - Drops file in Windows directory
  PID:364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 304
  2⤵
  - Program crash
  PID:204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2244 -ip 2244
1⤵
PID:4688

memory/364-132-0x0000000000000000-mapping.dmp

Download
memory/364-133-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/364-134-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/364-135-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/364-136-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download