0102eeaeb571cde826fcacd7a237009e770b2bb0188dfdc4152259261f7cb376

Analysis

max time kernel
117s
max time network
136s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
14/10/2023, 20:09

Target

0102eeaeb571cde826fcacd7a237009e770b2bb0188dfdc4152259261f7cb376.exe
Size

298KB
MD5

1a1b8af4162e154c2c36ea69f821d5af
SHA1

505a9a8beb9eea9b8b21855e29c4f4f067d0634f
SHA256

0102eeaeb571cde826fcacd7a237009e770b2bb0188dfdc4152259261f7cb376
SHA512

ca22e8ba6f5312a441cf0f460880fccf86dc38d2ebac238c83902519aca0b4d3fe26d43cc1f5320be9895b8ce3668fa2cfa249117a8e52b22a9bf20908b08807
SSDEEP

6144:U0JsICnU9Q8VKM769BCYeP0CobpGPgYW0UQfPoJ:UYsICns7onebjtUEPoJ

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1816 set thread context of 4100	1816	0102eeaeb571cde826fcacd7a237009e770b2bb0188dfdc4152259261f7cb376.exe	71

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2260	1816	WerFault.exe	69

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1816 wrote to memory of 4100	1816	0102eeaeb571cde826fcacd7a237009e770b2bb0188dfdc4152259261f7cb376.exe	71
PID 1816 wrote to memory of 4100	1816	0102eeaeb571cde826fcacd7a237009e770b2bb0188dfdc4152259261f7cb376.exe	71
PID 1816 wrote to memory of 4100	1816	0102eeaeb571cde826fcacd7a237009e770b2bb0188dfdc4152259261f7cb376.exe	71
PID 1816 wrote to memory of 4100	1816	0102eeaeb571cde826fcacd7a237009e770b2bb0188dfdc4152259261f7cb376.exe	71
PID 1816 wrote to memory of 4100	1816	0102eeaeb571cde826fcacd7a237009e770b2bb0188dfdc4152259261f7cb376.exe	71
PID 1816 wrote to memory of 4100	1816	0102eeaeb571cde826fcacd7a237009e770b2bb0188dfdc4152259261f7cb376.exe	71
PID 1816 wrote to memory of 4100	1816	0102eeaeb571cde826fcacd7a237009e770b2bb0188dfdc4152259261f7cb376.exe	71
PID 1816 wrote to memory of 4100	1816	0102eeaeb571cde826fcacd7a237009e770b2bb0188dfdc4152259261f7cb376.exe	71
PID 1816 wrote to memory of 4100	1816	0102eeaeb571cde826fcacd7a237009e770b2bb0188dfdc4152259261f7cb376.exe	71
PID 1816 wrote to memory of 4100	1816	0102eeaeb571cde826fcacd7a237009e770b2bb0188dfdc4152259261f7cb376.exe	71

C:\Users\Admin\AppData\Local\Temp\0102eeaeb571cde826fcacd7a237009e770b2bb0188dfdc4152259261f7cb376.exe
"C:\Users\Admin\AppData\Local\Temp\0102eeaeb571cde826fcacd7a237009e770b2bb0188dfdc4152259261f7cb376.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1816
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:4100
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 128
  2⤵
  - Program crash
  PID:2260

memory/4100-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/4100-4-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/4100-3-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/4100-5-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/4100-6-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download