dd51d44751781d925c7b56448220e6126a0bd6d96af718f308b5820e6920681e

Analysis

max time kernel
300s
max time network
245s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
20/07/2023, 05:28

Target

dd51d44751781d925c7b56448220e6126a0bd6d96af718f308b5820e6920681e.exe
Size

4.1MB
MD5

283f84e8d7993c642377bb876e9c4b73
SHA1

3456598f3a4fce88d3e15f7a44607b55795ebed9
SHA256

dd51d44751781d925c7b56448220e6126a0bd6d96af718f308b5820e6920681e
SHA512

62fb296ad06c76e462e275313ee337f0b9559bc310dff42bec30e2ba9f22fc0faf29d66f0262d4a0d310a00e3c4ed7f6316b38a1d30989923f13a2b41a7335b7
SSDEEP

24576:mdD9bJEjhKJSnVSwTYX6GzuNedEU2752qjdCC0lv608HcV1TXO6rMcmWQEX7yLVn:uD9dEjhx6dR2WC0lya5MfHXj

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1600 set thread context of 4900	1600	dd51d44751781d925c7b56448220e6126a0bd6d96af718f308b5820e6920681e.exe	70

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3060	1600	WerFault.exe	68

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 4900	1600	dd51d44751781d925c7b56448220e6126a0bd6d96af718f308b5820e6920681e.exe	70
PID 1600 wrote to memory of 4900	1600	dd51d44751781d925c7b56448220e6126a0bd6d96af718f308b5820e6920681e.exe	70
PID 1600 wrote to memory of 4900	1600	dd51d44751781d925c7b56448220e6126a0bd6d96af718f308b5820e6920681e.exe	70
PID 1600 wrote to memory of 4900	1600	dd51d44751781d925c7b56448220e6126a0bd6d96af718f308b5820e6920681e.exe	70
PID 1600 wrote to memory of 4900	1600	dd51d44751781d925c7b56448220e6126a0bd6d96af718f308b5820e6920681e.exe	70

C:\Users\Admin\AppData\Local\Temp\dd51d44751781d925c7b56448220e6126a0bd6d96af718f308b5820e6920681e.exe
"C:\Users\Admin\AppData\Local\Temp\dd51d44751781d925c7b56448220e6126a0bd6d96af718f308b5820e6920681e.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:4900
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
  2⤵
  - Program crash
  PID:3060

memory/1600-123-0x0000000001110000-0x0000000001525000-memory.dmp

Filesize
4.1MB

Download
memory/4900-122-0x0000000000400000-0x000000000056C000-memory.dmp

Filesize
1.4MB

Download
memory/4900-144-0x0000000000400000-0x000000000056C000-memory.dmp

Filesize
1.4MB

Download
memory/4900-145-0x0000000000400000-0x000000000056C000-memory.dmp

Filesize
1.4MB

Download
memory/4900-146-0x0000000000400000-0x000000000056C000-memory.dmp

Filesize
1.4MB

Download
memory/4900-148-0x0000000000400000-0x000000000056C000-memory.dmp

Filesize
1.4MB

Download