e75305a8faf628d6539eff7fee2855b3b35dd737772343b2ca82fcc174c8fb5d

Resubmissions

29/06/2023, 10:49

15/06/2023, 21:00

max time kernel
150s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
15/06/2023, 21:00

Target

2166383d715f3ab9499f1ba34f9d4f4e.exe
Size

449KB
MD5

2166383d715f3ab9499f1ba34f9d4f4e
SHA1

0e7c2fe99472d258c5895b6786e131a3cf1b5c5a
SHA256

e75305a8faf628d6539eff7fee2855b3b35dd737772343b2ca82fcc174c8fb5d
SHA512

7ddb9180ba4258c869e91fd2618217051b2d723bd2d1c74d5b0443d6faedd5f7d0cb5ecd58eca782df22bf9f24fe71f40235f10393f24f127132f69a19fa5982
SSDEEP

6144:J6SxNsalGMfWB+VLbPK/HZRhOs7WOnhNiKO/8MEQJAjhj1UQW00svZhzdeRquURj:J6ShZuBhRfWOnhcQychpUiNZdTRJYcj

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1324 set thread context of 1416	1324	2166383d715f3ab9499f1ba34f9d4f4e.exe	28

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2004	1416	WerFault.exe	28
568	1324	WerFault.exe	27

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 1416	1324	2166383d715f3ab9499f1ba34f9d4f4e.exe	28
PID 1324 wrote to memory of 1416	1324	2166383d715f3ab9499f1ba34f9d4f4e.exe	28
PID 1324 wrote to memory of 1416	1324	2166383d715f3ab9499f1ba34f9d4f4e.exe	28
PID 1324 wrote to memory of 1416	1324	2166383d715f3ab9499f1ba34f9d4f4e.exe	28
PID 1324 wrote to memory of 1416	1324	2166383d715f3ab9499f1ba34f9d4f4e.exe	28
PID 1324 wrote to memory of 1416	1324	2166383d715f3ab9499f1ba34f9d4f4e.exe	28
PID 1324 wrote to memory of 1416	1324	2166383d715f3ab9499f1ba34f9d4f4e.exe	28
PID 1324 wrote to memory of 1416	1324	2166383d715f3ab9499f1ba34f9d4f4e.exe	28
PID 1324 wrote to memory of 1416	1324	2166383d715f3ab9499f1ba34f9d4f4e.exe	28
PID 1324 wrote to memory of 1416	1324	2166383d715f3ab9499f1ba34f9d4f4e.exe	28
PID 1416 wrote to memory of 2004	1416	SndVol.exe	29
PID 1416 wrote to memory of 2004	1416	SndVol.exe	29
PID 1416 wrote to memory of 2004	1416	SndVol.exe	29
PID 1416 wrote to memory of 2004	1416	SndVol.exe	29
PID 1324 wrote to memory of 568	1324	2166383d715f3ab9499f1ba34f9d4f4e.exe	30
PID 1324 wrote to memory of 568	1324	2166383d715f3ab9499f1ba34f9d4f4e.exe	30
PID 1324 wrote to memory of 568	1324	2166383d715f3ab9499f1ba34f9d4f4e.exe	30
PID 1324 wrote to memory of 568	1324	2166383d715f3ab9499f1ba34f9d4f4e.exe	30

C:\Users\Admin\AppData\Local\Temp\2166383d715f3ab9499f1ba34f9d4f4e.exe
"C:\Users\Admin\AppData\Local\Temp\2166383d715f3ab9499f1ba34f9d4f4e.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Windows\SysWOW64\SndVol.exe
  "C:\Windows\SysWOW64\SndVol.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1416
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 36
    3⤵
    - Program crash
    PID:2004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 3152
  2⤵
  - Program crash
  PID:568

memory/1324-67-0x0000000000310000-0x000000000037E000-memory.dmp

Filesize
440KB

Download
memory/1324-68-0x0000000000810000-0x0000000000885000-memory.dmp

Filesize
468KB

Download
memory/1416-54-0x00000000000F0000-0x0000000000124000-memory.dmp

Filesize
208KB

Download
memory/1416-55-0x00000000000F0000-0x0000000000124000-memory.dmp

Filesize
208KB

Download
memory/1416-56-0x00000000000F0000-0x0000000000124000-memory.dmp

Filesize
208KB

Download
memory/1416-57-0x00000000000F0000-0x0000000000124000-memory.dmp

Filesize
208KB

Download
memory/1416-58-0x00000000000F0000-0x0000000000124000-memory.dmp

Filesize
208KB

Download
memory/1416-59-0x00000000000F0000-0x0000000000124000-memory.dmp

Filesize
208KB

Download
memory/1416-60-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1416-64-0x00000000000F0000-0x0000000000124000-memory.dmp

Filesize
208KB

Download