854ed63f694e4f9526e3a1325691c934a328a82f5a73c5301b8e261c99b11b39

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01-02-2023 05:13

Target

75d999d431819311abf8bd048cd084acdcd5f4e1.exe
Size

376KB
MD5

f3b6c4f3ff269bdcc55ad18ec7690497
SHA1

75d999d431819311abf8bd048cd084acdcd5f4e1
SHA256

854ed63f694e4f9526e3a1325691c934a328a82f5a73c5301b8e261c99b11b39
SHA512

30ded7705ce97f774ef98ba4b1888f9720185d430f161583fde1f926439fe91c348d3c7693ce1b34d3ccbd1dc907cb763faa86fb9249be864f6ab66807ad9de1
SSDEEP

6144:95iXLVYmUquirE7u/5F7LTVHqpX7zLh4JE5QI/6N6NMBwz+3meeKNf:95ib+mUquib/5FXhKp6Jari8GBNmeeK

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

75d999d431819311abf8bd048cd084acdcd5f4e1.exe

description	pid	process	target process
PID 2016 set thread context of 1672	2016	75d999d431819311abf8bd048cd084acdcd5f4e1.exe	75d999d431819311abf8bd048cd084acdcd5f4e1.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

584 1672 WerFault.exe 75d999d431819311abf8bd048cd084acdcd5f4e1.exe
Suspicious behavior: MapViewOfSection 2 IoCs

Processes:

75d999d431819311abf8bd048cd084acdcd5f4e1.exe

pid process

2016 75d999d431819311abf8bd048cd084acdcd5f4e1.exe
2016 75d999d431819311abf8bd048cd084acdcd5f4e1.exe

pid	pid_target	process	target process
584	1672	WerFault.exe	75d999d431819311abf8bd048cd084acdcd5f4e1.exe

pid	process
2016	75d999d431819311abf8bd048cd084acdcd5f4e1.exe
2016	75d999d431819311abf8bd048cd084acdcd5f4e1.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

75d999d431819311abf8bd048cd084acdcd5f4e1.exe75d999d431819311abf8bd048cd084acdcd5f4e1.exe

description	pid	process	target process
PID 2016 wrote to memory of 1672	2016	75d999d431819311abf8bd048cd084acdcd5f4e1.exe	75d999d431819311abf8bd048cd084acdcd5f4e1.exe
PID 2016 wrote to memory of 1672	2016	75d999d431819311abf8bd048cd084acdcd5f4e1.exe	75d999d431819311abf8bd048cd084acdcd5f4e1.exe
PID 2016 wrote to memory of 1672	2016	75d999d431819311abf8bd048cd084acdcd5f4e1.exe	75d999d431819311abf8bd048cd084acdcd5f4e1.exe
PID 2016 wrote to memory of 1672	2016	75d999d431819311abf8bd048cd084acdcd5f4e1.exe	75d999d431819311abf8bd048cd084acdcd5f4e1.exe
PID 2016 wrote to memory of 1672	2016	75d999d431819311abf8bd048cd084acdcd5f4e1.exe	75d999d431819311abf8bd048cd084acdcd5f4e1.exe
PID 1672 wrote to memory of 584	1672	75d999d431819311abf8bd048cd084acdcd5f4e1.exe	WerFault.exe
PID 1672 wrote to memory of 584	1672	75d999d431819311abf8bd048cd084acdcd5f4e1.exe	WerFault.exe
PID 1672 wrote to memory of 584	1672	75d999d431819311abf8bd048cd084acdcd5f4e1.exe	WerFault.exe
PID 1672 wrote to memory of 584	1672	75d999d431819311abf8bd048cd084acdcd5f4e1.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\75d999d431819311abf8bd048cd084acdcd5f4e1.exe
"C:\Users\Admin\AppData\Local\Temp\75d999d431819311abf8bd048cd084acdcd5f4e1.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 36
3⤵
- Program crash
PID:584

memory/584-56-0x0000000000000000-mapping.dmp

Download
memory/1672-55-0x000000000008D080-mapping.dmp

Download
memory/2016-54-0x00000000767D1000-0x00000000767D3000-memory.dmp

Filesize
8KB

Download