57c6178936a9099249ebaf6d831a2d2e2b767c085850dba55f76689c2ef9490a

Analysis

max time kernel
62s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2023 05:24

Target

C4Client.exe
Size

687.6MB
MD5

6dc896f98f315d59f7ff0a23ec918e68
SHA1

e52e78a5f7eb29cd4eca84e47943fce5028961dd
SHA256

0ce0f0ddf91c200d8a9c91c3c47f807ecc26de890de8e4dc83ec4f5a08404a06
SHA512

2ac4b6f3f9014f33bc6e1a0d8fc741fbba2e6918d35bdf572bf19a4ff3ee576671796a0f52398afd620c67963fe4b6700fe8faae19f47c8517b3658263a30dff
SSDEEP

3072:0nTjRD5V730BSng7tJr8Khw6pItWgAEqjAxou3e7BNIdOAg0FujDvktlL0BjMwmk:G1V7h2r/hwNWgAEqjAKmkAOECjMwm

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

C4Client.exe

description pid process target process

PID 4200 set thread context of 2196 4200 C4Client.exe RegSvcs.exe
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

4552 2196 WerFault.exe RegSvcs.exe
260 4200 WerFault.exe C4Client.exe

description	pid	process	target process
PID 4200 set thread context of 2196	4200	C4Client.exe	RegSvcs.exe

pid	pid_target	process	target process
4552	2196	WerFault.exe	RegSvcs.exe
260	4200	WerFault.exe	C4Client.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

C4Client.exe

description	pid	process	target process
PID 4200 wrote to memory of 4616	4200	C4Client.exe	RegSvcs.exe
PID 4200 wrote to memory of 4616	4200	C4Client.exe	RegSvcs.exe
PID 4200 wrote to memory of 4616	4200	C4Client.exe	RegSvcs.exe
PID 4200 wrote to memory of 2196	4200	C4Client.exe	RegSvcs.exe
PID 4200 wrote to memory of 2196	4200	C4Client.exe	RegSvcs.exe
PID 4200 wrote to memory of 2196	4200	C4Client.exe	RegSvcs.exe
PID 4200 wrote to memory of 2196	4200	C4Client.exe	RegSvcs.exe
PID 4200 wrote to memory of 2196	4200	C4Client.exe	RegSvcs.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
2⤵
PID:4616

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
2⤵
PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 144
3⤵
- Program crash
PID:4552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 292
2⤵
- Program crash
PID:260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2196 -ip 2196
1⤵
PID:2488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4200 -ip 4200
1⤵
PID:1564

memory/2196-133-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download