749b990f8fe76d019574a8084e4bc6dccaef3c4370f14d1ff3097d82b6176913

Analysis

max time kernel
91s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
21-12-2023 23:38

Target

284b37c4771f4dcf91a37348014e04ff.exe
Size

928KB
MD5

284b37c4771f4dcf91a37348014e04ff
SHA1

211e5aa4cc0451aa252660576fc5c6a1961667fd
SHA256

749b990f8fe76d019574a8084e4bc6dccaef3c4370f14d1ff3097d82b6176913
SHA512

dddfd3b527d57ef5b2ac806ca7c083033d05b0df39b7b6513069c91eb43c8645ee2641e5203366a53de3abd7578f254d84ea2ebaebf33388d591d2db787fa568
SSDEEP

24576:+TSkT7/hjVX1uKLGLY27AX1Wh6qC/UxPpXWhi:Evl3LG0h1KZkwPhW

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

284b37c4771f4dcf91a37348014e04ff.exe

description pid process target process

PID 4716 set thread context of 3268 4716 284b37c4771f4dcf91a37348014e04ff.exe 284b37c4771f4dcf91a37348014e04ff.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process

116 3268 WerFault.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

284b37c4771f4dcf91a37348014e04ff.exe

pid process

3268 284b37c4771f4dcf91a37348014e04ff.exe

description	pid	process	target process
PID 4716 set thread context of 3268	4716	284b37c4771f4dcf91a37348014e04ff.exe	284b37c4771f4dcf91a37348014e04ff.exe

pid	pid_target	process
116	3268	WerFault.exe

pid	process
3268	284b37c4771f4dcf91a37348014e04ff.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

284b37c4771f4dcf91a37348014e04ff.exe

description	pid	process	target process
PID 4716 wrote to memory of 3268	4716	284b37c4771f4dcf91a37348014e04ff.exe	284b37c4771f4dcf91a37348014e04ff.exe
PID 4716 wrote to memory of 3268	4716	284b37c4771f4dcf91a37348014e04ff.exe	284b37c4771f4dcf91a37348014e04ff.exe
PID 4716 wrote to memory of 3268	4716	284b37c4771f4dcf91a37348014e04ff.exe	284b37c4771f4dcf91a37348014e04ff.exe
PID 4716 wrote to memory of 3268	4716	284b37c4771f4dcf91a37348014e04ff.exe	284b37c4771f4dcf91a37348014e04ff.exe
PID 4716 wrote to memory of 3268	4716	284b37c4771f4dcf91a37348014e04ff.exe	284b37c4771f4dcf91a37348014e04ff.exe
PID 4716 wrote to memory of 3268	4716	284b37c4771f4dcf91a37348014e04ff.exe	284b37c4771f4dcf91a37348014e04ff.exe

C:\Users\Admin\AppData\Local\Temp\284b37c4771f4dcf91a37348014e04ff.exe
"C:\Users\Admin\AppData\Local\Temp\284b37c4771f4dcf91a37348014e04ff.exe"
2⤵
- Suspicious use of UnmapMainImage
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3268 -ip 3268
1⤵
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 12
1⤵
- Program crash
PID:116

memory/3268-3-0x0000000000400000-0x00000000004A5000-memory.dmp

Filesize
660KB

Download
memory/3268-8-0x00000000003E0000-0x00000000003E0000-memory.dmp

Download
memory/4716-1-0x0000000000C20000-0x0000000000C30000-memory.dmp

Filesize
64KB

Download
memory/4716-2-0x0000000074860000-0x0000000074E11000-memory.dmp

Filesize
5.7MB

Download
memory/4716-0-0x0000000074860000-0x0000000074E11000-memory.dmp

Filesize
5.7MB

Download
memory/4716-6-0x0000000074860000-0x0000000074E11000-memory.dmp

Filesize
5.7MB

Download