ef98f6b52f4e6ada521f48bb10e3e7a3235c3289576af1b19e9f3cd32f27b948

Analysis

max time kernel
105s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2023, 01:49

Target

3e0614367a4306ad0692212eb5704af5982995ca52c80f3aacef74a9883b6536.exe
Size

2.2MB
MD5

da5b8144aed2113cdd7df3f3c164fb0b
SHA1

ecc3f36aae0478d95f8eeed831c84f510725a984
SHA256

3e0614367a4306ad0692212eb5704af5982995ca52c80f3aacef74a9883b6536
SHA512

f81c54cbeaab54ed789eabc9ea068ae27af8a3faaf789dbbd4ac0598b0761551817c50d03c96a6852c734d197c3d6f32b2001fc50d69817bbe1c91a4a4f8d341
SSDEEP

12288:x4ZO2poYvtcyrdxyfz/FLIMyhWkpDsW8wkpnabzIA+N:yZhp0yhxyftOWEzYpaz

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 436 set thread context of 4116	436	3e0614367a4306ad0692212eb5704af5982995ca52c80f3aacef74a9883b6536.exe	86

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2060	436	WerFault.exe	84

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4116	RegSvcs.exe
4116	RegSvcs.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 4116	436	3e0614367a4306ad0692212eb5704af5982995ca52c80f3aacef74a9883b6536.exe	86
PID 436 wrote to memory of 4116	436	3e0614367a4306ad0692212eb5704af5982995ca52c80f3aacef74a9883b6536.exe	86
PID 436 wrote to memory of 4116	436	3e0614367a4306ad0692212eb5704af5982995ca52c80f3aacef74a9883b6536.exe	86
PID 436 wrote to memory of 4116	436	3e0614367a4306ad0692212eb5704af5982995ca52c80f3aacef74a9883b6536.exe	86
PID 436 wrote to memory of 4116	436	3e0614367a4306ad0692212eb5704af5982995ca52c80f3aacef74a9883b6536.exe	86

C:\Users\Admin\AppData\Local\Temp\3e0614367a4306ad0692212eb5704af5982995ca52c80f3aacef74a9883b6536.exe
"C:\Users\Admin\AppData\Local\Temp\3e0614367a4306ad0692212eb5704af5982995ca52c80f3aacef74a9883b6536.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:436
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4116
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 156
  2⤵
  - Program crash
  PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 436 -ip 436
1⤵
PID:2208

memory/4116-133-0x0000000000700000-0x0000000000770000-memory.dmp

Filesize
448KB

Download
memory/4116-139-0x0000000000700000-0x0000000000770000-memory.dmp

Filesize
448KB

Download
memory/4116-140-0x0000000002500000-0x0000000002507000-memory.dmp

Filesize
28KB

Download
memory/4116-141-0x0000000002690000-0x0000000002A90000-memory.dmp

Filesize
4.0MB

Download
memory/4116-142-0x0000000002690000-0x0000000002A90000-memory.dmp

Filesize
4.0MB

Download