b8bbc14b448c298dfcd60bff896c5df2f0b66af2a16b9cea885a49f84893341b

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2023, 07:46

Target

cc8ccad038c4e93cfe60624963f058e7.exe
Size

295KB
MD5

cc8ccad038c4e93cfe60624963f058e7
SHA1

6219f54e6f64a95dace0ecbd9a244b8cbb51c49c
SHA256

b8bbc14b448c298dfcd60bff896c5df2f0b66af2a16b9cea885a49f84893341b
SHA512

105b5043bcb2b58107dc2a997d7ada408685ca06735319779b52ce0601504f7306d5922439ed7ac112b44067dd50634ab18b074a5b1b292d803d3a5fbf11f7f0
SSDEEP

6144:3ZEe3bpi5aaYUb5ev2Hga16l1IPsDnYz3SmTNBcoiXc10npF6I8TJn:3ZEe3+Gi16WanYtYwy6I8TJn

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4764 set thread context of 1504	4764	cc8ccad038c4e93cfe60624963f058e7.exe	82

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4796	4764	WerFault.exe	80

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 1504	4764	cc8ccad038c4e93cfe60624963f058e7.exe	82
PID 4764 wrote to memory of 1504	4764	cc8ccad038c4e93cfe60624963f058e7.exe	82
PID 4764 wrote to memory of 1504	4764	cc8ccad038c4e93cfe60624963f058e7.exe	82
PID 4764 wrote to memory of 1504	4764	cc8ccad038c4e93cfe60624963f058e7.exe	82
PID 4764 wrote to memory of 1504	4764	cc8ccad038c4e93cfe60624963f058e7.exe	82
PID 4764 wrote to memory of 1504	4764	cc8ccad038c4e93cfe60624963f058e7.exe	82
PID 4764 wrote to memory of 1504	4764	cc8ccad038c4e93cfe60624963f058e7.exe	82
PID 4764 wrote to memory of 1504	4764	cc8ccad038c4e93cfe60624963f058e7.exe	82
PID 4764 wrote to memory of 1504	4764	cc8ccad038c4e93cfe60624963f058e7.exe	82
PID 4764 wrote to memory of 1504	4764	cc8ccad038c4e93cfe60624963f058e7.exe	82

C:\Users\Admin\AppData\Local\Temp\cc8ccad038c4e93cfe60624963f058e7.exe
"C:\Users\Admin\AppData\Local\Temp\cc8ccad038c4e93cfe60624963f058e7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4764
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:1504
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 276
  2⤵
  - Program crash
  PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4764 -ip 4764
1⤵
PID:796

memory/1504-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1504-1-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1504-2-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1504-3-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1504-4-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download