111eb79948634ebd641f03bb4de48ecf66ab8bc32ffd6ebf14bbbba786de3102

Analysis

max time kernel
127s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 14:35

Target

015ba33e218e675b06afc752cd894aa4.exe
Size

1.1MB
MD5

015ba33e218e675b06afc752cd894aa4
SHA1

c2b8bad800c7861a65843f4bade25362e66b594a
SHA256

111eb79948634ebd641f03bb4de48ecf66ab8bc32ffd6ebf14bbbba786de3102
SHA512

208f26e4357d313adf224e424880118bd4e7f7d1dac42ab915be27b9962b4c985c8c2ed0127c5080e0b41390cdf32f6d985e3d79bd48f993542d3a300e171ac6
SSDEEP

24576:XjmOztIjpVbUJ44R/DDK2s5mNZRzOUCrA/N3ry:XqAtI704g/D3Tm03+

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2404 set thread context of 2732	2404	015ba33e218e675b06afc752cd894aa4.exe	34

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1352	2732	WerFault.exe	34
4664	2732	WerFault.exe	34

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2732	2404	015ba33e218e675b06afc752cd894aa4.exe	34
PID 2404 wrote to memory of 2732	2404	015ba33e218e675b06afc752cd894aa4.exe	34
PID 2404 wrote to memory of 2732	2404	015ba33e218e675b06afc752cd894aa4.exe	34
PID 2404 wrote to memory of 2732	2404	015ba33e218e675b06afc752cd894aa4.exe	34
PID 2404 wrote to memory of 2732	2404	015ba33e218e675b06afc752cd894aa4.exe	34
PID 2404 wrote to memory of 2732	2404	015ba33e218e675b06afc752cd894aa4.exe	34
PID 2404 wrote to memory of 2732	2404	015ba33e218e675b06afc752cd894aa4.exe	34
PID 2404 wrote to memory of 2732	2404	015ba33e218e675b06afc752cd894aa4.exe	34
PID 2404 wrote to memory of 2732	2404	015ba33e218e675b06afc752cd894aa4.exe	34
PID 2404 wrote to memory of 2732	2404	015ba33e218e675b06afc752cd894aa4.exe	34

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2732 -ip 2732
1⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2732 -ip 2732
1⤵
PID:1636

memory/2732-2-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/2732-1-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/2732-0-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/2732-3-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/2732-4-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/2732-5-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/2732-6-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/2732-8-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download