3e0614367a4306ad0692212eb5704af5982995ca52c80f3aacef74a9883b6536

Analysis

max time kernel
150s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
30/05/2023, 13:39

Target

da5b8144aed2113cdd7df3f3c164fb0b.exe
Size

2.2MB
MD5

da5b8144aed2113cdd7df3f3c164fb0b
SHA1

ecc3f36aae0478d95f8eeed831c84f510725a984
SHA256

3e0614367a4306ad0692212eb5704af5982995ca52c80f3aacef74a9883b6536
SHA512

f81c54cbeaab54ed789eabc9ea068ae27af8a3faaf789dbbd4ac0598b0761551817c50d03c96a6852c734d197c3d6f32b2001fc50d69817bbe1c91a4a4f8d341
SSDEEP

12288:x4ZO2poYvtcyrdxyfz/FLIMyhWkpDsW8wkpnabzIA+N:yZhp0yhxyftOWEzYpaz

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1728 set thread context of 2004	1728	da5b8144aed2113cdd7df3f3c164fb0b.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1216	1728	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2004	RegSvcs.exe
2004	RegSvcs.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2004	1728	da5b8144aed2113cdd7df3f3c164fb0b.exe	29
PID 1728 wrote to memory of 2004	1728	da5b8144aed2113cdd7df3f3c164fb0b.exe	29
PID 1728 wrote to memory of 2004	1728	da5b8144aed2113cdd7df3f3c164fb0b.exe	29
PID 1728 wrote to memory of 2004	1728	da5b8144aed2113cdd7df3f3c164fb0b.exe	29
PID 1728 wrote to memory of 2004	1728	da5b8144aed2113cdd7df3f3c164fb0b.exe	29
PID 1728 wrote to memory of 2004	1728	da5b8144aed2113cdd7df3f3c164fb0b.exe	29
PID 1728 wrote to memory of 2004	1728	da5b8144aed2113cdd7df3f3c164fb0b.exe	29
PID 1728 wrote to memory of 2004	1728	da5b8144aed2113cdd7df3f3c164fb0b.exe	29
PID 1728 wrote to memory of 2004	1728	da5b8144aed2113cdd7df3f3c164fb0b.exe	29
PID 1728 wrote to memory of 1216	1728	da5b8144aed2113cdd7df3f3c164fb0b.exe	30
PID 1728 wrote to memory of 1216	1728	da5b8144aed2113cdd7df3f3c164fb0b.exe	30
PID 1728 wrote to memory of 1216	1728	da5b8144aed2113cdd7df3f3c164fb0b.exe	30
PID 1728 wrote to memory of 1216	1728	da5b8144aed2113cdd7df3f3c164fb0b.exe	30

C:\Users\Admin\AppData\Local\Temp\da5b8144aed2113cdd7df3f3c164fb0b.exe
"C:\Users\Admin\AppData\Local\Temp\da5b8144aed2113cdd7df3f3c164fb0b.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 52
  2⤵
  - Program crash
  PID:1216

memory/2004-55-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/2004-60-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2004-54-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/2004-62-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download