0588d6d38e8cc7f8304f56b2dbc9f16b91faa0ecdbd0a79cf353bd003055c04b

Analysis

max time kernel
96s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 17:20

Target

082266bd728f576e2ce250cbf64132fd.exe
Size

1.5MB
MD5

082266bd728f576e2ce250cbf64132fd
SHA1

a54ba93b14a1b879035d42a60f106001c0b5bac5
SHA256

0588d6d38e8cc7f8304f56b2dbc9f16b91faa0ecdbd0a79cf353bd003055c04b
SHA512

8babc462f5897103dbe1b48c55039af5d97305011dbd3bd6eb4666369d6be3381c7468c384a7cfc4bc8757e4d6fad74b5d51c728ee08dce76f34b81f4440ea62
SSDEEP

24576:m5IM/V0deM5lZ2ykPYMkrQ1OrWaRyv2PBcSL+L5/+FMoQl/ugQWiBdrfO+a+G:cIBfvMkrNrf0u3qdaNLgQWiO+m

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4008 set thread context of 3876	4008	082266bd728f576e2ce250cbf64132fd.exe	90

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2912	3876	WerFault.exe	90
3488	3876	WerFault.exe	90

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4008 wrote to memory of 3876	4008	082266bd728f576e2ce250cbf64132fd.exe	90
PID 4008 wrote to memory of 3876	4008	082266bd728f576e2ce250cbf64132fd.exe	90
PID 4008 wrote to memory of 3876	4008	082266bd728f576e2ce250cbf64132fd.exe	90
PID 4008 wrote to memory of 3876	4008	082266bd728f576e2ce250cbf64132fd.exe	90
PID 4008 wrote to memory of 3876	4008	082266bd728f576e2ce250cbf64132fd.exe	90
PID 4008 wrote to memory of 3876	4008	082266bd728f576e2ce250cbf64132fd.exe	90
PID 4008 wrote to memory of 3876	4008	082266bd728f576e2ce250cbf64132fd.exe	90
PID 4008 wrote to memory of 3876	4008	082266bd728f576e2ce250cbf64132fd.exe	90
PID 4008 wrote to memory of 3876	4008	082266bd728f576e2ce250cbf64132fd.exe	90
PID 4008 wrote to memory of 3876	4008	082266bd728f576e2ce250cbf64132fd.exe	90

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3876 -ip 3876
1⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3876 -ip 3876
1⤵
PID:3416

memory/3876-0-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3876-2-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3876-4-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3876-3-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3876-1-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3876-5-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3876-6-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3876-8-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download