e728fc990c2e7926c775d4dedd4394c78e7d67cebc08b937ae8feec17be0ebeb

Analysis

max time kernel
100s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12-04-2023 04:37

Target

5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe
Size

225KB
MD5

d5bbe92d4a8b9014708e0aa325158e2b
SHA1

7dd6b0e60dbcc9207b5ef18daee9790f14c525d4
SHA256

5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4
SHA512

5bc381ea0bcce769ef7798a132e56ea6fdfb0526c11b531bed9ff1db4682d5e67c3a246fe0bff87d42f19b0e20933001f9eca0697feb6de0d6aec6a9aaf5004f
SSDEEP

6144:VeUOuccUzNkM0MU1QPvoj4DFBHLWEUuJJmfUGs70p8I:UUlcjJkrX1QPv/DbrWE5JlGs70pZ

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe

description	pid	process	target process
PID 2560 set thread context of 1636	2560	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2584 1636 WerFault.exe 5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe

description pid process

Token: SeDebugPrivilege 2560 5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe

pid	pid_target	process	target process
2584	1636	WerFault.exe	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe

description	pid	process
Token: SeDebugPrivilege	2560	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe

description	pid	process	target process
PID 2560 wrote to memory of 1636	2560	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe
PID 2560 wrote to memory of 1636	2560	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe
PID 2560 wrote to memory of 1636	2560	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe
PID 2560 wrote to memory of 1636	2560	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe
PID 2560 wrote to memory of 1636	2560	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe
PID 2560 wrote to memory of 1636	2560	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe
PID 2560 wrote to memory of 1636	2560	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe
PID 2560 wrote to memory of 1636	2560	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe	5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1636 -ip 1636
1⤵
PID:260

memory/2560-133-0x0000000000BE0000-0x0000000000C1E000-memory.dmp

Filesize
248KB

Download
memory/2560-134-0x0000000009D10000-0x0000000009DAC000-memory.dmp

Filesize
624KB

Download
memory/2560-135-0x000000000A360000-0x000000000A904000-memory.dmp

Filesize
5.6MB

Download
memory/2560-136-0x0000000005730000-0x00000000057C2000-memory.dmp

Filesize
584KB

Download
memory/2560-137-0x0000000007B00000-0x0000000007B10000-memory.dmp

Filesize
64KB

Download