ec2e95face0cd1b7eba04512d1dc99faf0e06f52daf5687664ad78e1eef6d43e

Analysis

max time kernel
94s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
13-12-2022 08:48

Target

0b17d9f9755d73cf32a0c5830a416593.exe
Size

382KB
MD5

0b17d9f9755d73cf32a0c5830a416593
SHA1

1c90213d38741e29e295e9e23b5700c701232f40
SHA256

ec2e95face0cd1b7eba04512d1dc99faf0e06f52daf5687664ad78e1eef6d43e
SHA512

1c7b556fece20fae1a2820b2a7a1898718330e40939825d2d6701db10fcdc0af81067b1387e4ddf8333bb2151b2089e562ed43f234c8cd580246e68c2ed68e34
SSDEEP

6144:G8Wga0LXOzQXl+6ZzIZWRo+p9YfgOBY01SDb6XJ6HYhwaWyN8NOg2OKsyrKzosYg:G8tj0Y5hIZWa7Y2wsEYhwVyN8ObKzosz

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

0b17d9f9755d73cf32a0c5830a416593.exe

description pid process target process

PID 4252 set thread context of 2156 4252 0b17d9f9755d73cf32a0c5830a416593.exe 0b17d9f9755d73cf32a0c5830a416593.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2716 2156 WerFault.exe 0b17d9f9755d73cf32a0c5830a416593.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

0b17d9f9755d73cf32a0c5830a416593.exe

description pid process

Token: SeDebugPrivilege 4252 0b17d9f9755d73cf32a0c5830a416593.exe

description	pid	process	target process
PID 4252 set thread context of 2156	4252	0b17d9f9755d73cf32a0c5830a416593.exe	0b17d9f9755d73cf32a0c5830a416593.exe

pid	pid_target	process	target process
2716	2156	WerFault.exe	0b17d9f9755d73cf32a0c5830a416593.exe

description	pid	process
Token: SeDebugPrivilege	4252	0b17d9f9755d73cf32a0c5830a416593.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

0b17d9f9755d73cf32a0c5830a416593.exe

description	pid	process	target process
PID 4252 wrote to memory of 2156	4252	0b17d9f9755d73cf32a0c5830a416593.exe	0b17d9f9755d73cf32a0c5830a416593.exe
PID 4252 wrote to memory of 2156	4252	0b17d9f9755d73cf32a0c5830a416593.exe	0b17d9f9755d73cf32a0c5830a416593.exe
PID 4252 wrote to memory of 2156	4252	0b17d9f9755d73cf32a0c5830a416593.exe	0b17d9f9755d73cf32a0c5830a416593.exe
PID 4252 wrote to memory of 2156	4252	0b17d9f9755d73cf32a0c5830a416593.exe	0b17d9f9755d73cf32a0c5830a416593.exe
PID 4252 wrote to memory of 2156	4252	0b17d9f9755d73cf32a0c5830a416593.exe	0b17d9f9755d73cf32a0c5830a416593.exe
PID 4252 wrote to memory of 2156	4252	0b17d9f9755d73cf32a0c5830a416593.exe	0b17d9f9755d73cf32a0c5830a416593.exe
PID 4252 wrote to memory of 2156	4252	0b17d9f9755d73cf32a0c5830a416593.exe	0b17d9f9755d73cf32a0c5830a416593.exe
PID 4252 wrote to memory of 2156	4252	0b17d9f9755d73cf32a0c5830a416593.exe	0b17d9f9755d73cf32a0c5830a416593.exe
PID 4252 wrote to memory of 2156	4252	0b17d9f9755d73cf32a0c5830a416593.exe	0b17d9f9755d73cf32a0c5830a416593.exe
PID 4252 wrote to memory of 2156	4252	0b17d9f9755d73cf32a0c5830a416593.exe	0b17d9f9755d73cf32a0c5830a416593.exe
PID 4252 wrote to memory of 2156	4252	0b17d9f9755d73cf32a0c5830a416593.exe	0b17d9f9755d73cf32a0c5830a416593.exe

C:\Users\Admin\AppData\Local\Temp\0b17d9f9755d73cf32a0c5830a416593.exe
C:\Users\Admin\AppData\Local\Temp\0b17d9f9755d73cf32a0c5830a416593.exe
2⤵
PID:2156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 80
3⤵
- Program crash
PID:2716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 2156 -ip 2156
1⤵
PID:3528

memory/2156-136-0x0000000000000000-mapping.dmp

Download
memory/4252-132-0x0000000000BF0000-0x0000000000C58000-memory.dmp

Filesize
416KB

Download
memory/4252-133-0x000000000E2B0000-0x000000000E34C000-memory.dmp

Filesize
624KB

Download
memory/4252-134-0x000000000E900000-0x000000000EEA4000-memory.dmp

Filesize
5.6MB

Download
memory/4252-135-0x000000000E350000-0x000000000E3E2000-memory.dmp

Filesize
584KB

Download