c076585b98cbe2c44fa5a9d31c99b2652ebb076e581a7cfae44ff72644f3cedd

Analysis

max time kernel
138s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2023, 08:19

Target

c076585b98cbe2c44fa5a9d31c99b2652ebb076e581a7cfae44ff72644f3cedd.exe
Size

329KB
MD5

08bcac3c3f40062b6bfb78119351a77c
SHA1

d9a5f75182e2338e4778c700f5710206166286a3
SHA256

c076585b98cbe2c44fa5a9d31c99b2652ebb076e581a7cfae44ff72644f3cedd
SHA512

68b9be37089307eef14aa9c01fdae3b0c6bfda3f53cc813430b7de00ff66079be85140d72111e78932c0efcfe19d28f3c35ce723e8b3db53fac95bc7e885dfdb
SSDEEP

6144:eKlzr1sYCzek2ciDaP9Xk6Ln1W8W/9InBSkZZmLdGcAdgdY6RKpjS:eGhQ2ciDq9ZL1W8q9InBRqELdolRKpj

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4644 set thread context of 4012	4644	c076585b98cbe2c44fa5a9d31c99b2652ebb076e581a7cfae44ff72644f3cedd.exe	80

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5060	4012	WerFault.exe	80

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 4012	4644	c076585b98cbe2c44fa5a9d31c99b2652ebb076e581a7cfae44ff72644f3cedd.exe	80
PID 4644 wrote to memory of 4012	4644	c076585b98cbe2c44fa5a9d31c99b2652ebb076e581a7cfae44ff72644f3cedd.exe	80
PID 4644 wrote to memory of 4012	4644	c076585b98cbe2c44fa5a9d31c99b2652ebb076e581a7cfae44ff72644f3cedd.exe	80
PID 4644 wrote to memory of 4012	4644	c076585b98cbe2c44fa5a9d31c99b2652ebb076e581a7cfae44ff72644f3cedd.exe	80
PID 4644 wrote to memory of 4012	4644	c076585b98cbe2c44fa5a9d31c99b2652ebb076e581a7cfae44ff72644f3cedd.exe	80
PID 4644 wrote to memory of 4012	4644	c076585b98cbe2c44fa5a9d31c99b2652ebb076e581a7cfae44ff72644f3cedd.exe	80
PID 4644 wrote to memory of 4012	4644	c076585b98cbe2c44fa5a9d31c99b2652ebb076e581a7cfae44ff72644f3cedd.exe	80
PID 4644 wrote to memory of 4012	4644	c076585b98cbe2c44fa5a9d31c99b2652ebb076e581a7cfae44ff72644f3cedd.exe	80
PID 4644 wrote to memory of 4012	4644	c076585b98cbe2c44fa5a9d31c99b2652ebb076e581a7cfae44ff72644f3cedd.exe	80

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4012 -ip 4012
1⤵
PID:5016

memory/4012-138-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4644-132-0x00000000005C0000-0x0000000000616000-memory.dmp

Filesize
344KB

Download
memory/4644-133-0x0000000007A70000-0x0000000008014000-memory.dmp

Filesize
5.6MB

Download
memory/4644-134-0x00000000075A0000-0x0000000007632000-memory.dmp

Filesize
584KB

Download
memory/4644-135-0x0000000007840000-0x00000000078B6000-memory.dmp

Filesize
472KB

Download
memory/4644-136-0x0000000007550000-0x000000000756E000-memory.dmp

Filesize
120KB

Download