c64a7c1f1c750f09b4cc52f042bb33d073572c6843801f235ca201579827f6e8

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 06:04

Target

0a2f7a516dbcf2155674f149eaeaba11.exe
Size

107KB
MD5

0a2f7a516dbcf2155674f149eaeaba11
SHA1

7deb00f87454e0dd2725cd8505a950063236fb01
SHA256

c64a7c1f1c750f09b4cc52f042bb33d073572c6843801f235ca201579827f6e8
SHA512

4214a42586b251795dbb4a5b6d581ece12c3a6dbd62ba7edf9fa90463a6998ecebdce82c7c53984a6dccea8a02df8da59db4fc2df41bbacc905117897903cced
SSDEEP

1536:fJe97LBbksS8Mt0PV4nGxrUqhoT0WulDh45VVuLtms+kOMjkkJDJvAStznDjHF68:haLBosUCPUGx4ludhOCmikkJljtz9F2E

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1528 set thread context of 4140	1528	0a2f7a516dbcf2155674f149eaeaba11.exe	77

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1540	1528	WerFault.exe	14
1920	1528	WerFault.exe	14

Suspicious behavior: EnumeratesProcesses 20 IoCs

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 4140	1528	0a2f7a516dbcf2155674f149eaeaba11.exe	77
PID 1528 wrote to memory of 4140	1528	0a2f7a516dbcf2155674f149eaeaba11.exe	77
PID 1528 wrote to memory of 4140	1528	0a2f7a516dbcf2155674f149eaeaba11.exe	77
PID 1528 wrote to memory of 4140	1528	0a2f7a516dbcf2155674f149eaeaba11.exe	77
PID 1528 wrote to memory of 4140	1528	0a2f7a516dbcf2155674f149eaeaba11.exe	77
PID 1528 wrote to memory of 4140	1528	0a2f7a516dbcf2155674f149eaeaba11.exe	77
PID 1528 wrote to memory of 4140	1528	0a2f7a516dbcf2155674f149eaeaba11.exe	77
PID 4140 wrote to memory of 3524	4140	0a2f7a516dbcf2155674f149eaeaba11.exe	48
PID 4140 wrote to memory of 3524	4140	0a2f7a516dbcf2155674f149eaeaba11.exe	48
PID 4140 wrote to memory of 3524	4140	0a2f7a516dbcf2155674f149eaeaba11.exe	48
PID 4140 wrote to memory of 3524	4140	0a2f7a516dbcf2155674f149eaeaba11.exe	48

C:\Users\Admin\AppData\Local\Temp\0a2f7a516dbcf2155674f149eaeaba11.exe
"C:\Users\Admin\AppData\Local\Temp\0a2f7a516dbcf2155674f149eaeaba11.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 440
  2⤵
  - Program crash
  PID:1540
- C:\Users\Admin\AppData\Local\Temp\0a2f7a516dbcf2155674f149eaeaba11.exe
  "C:\Users\Admin\AppData\Local\Temp\0a2f7a516dbcf2155674f149eaeaba11.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4140
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 472
  2⤵
  - Program crash
  PID:1920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1528 -ip 1528
1⤵
PID:64

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1528 -ip 1528
1⤵
PID:2240

memory/1528-4-0x0000000010400000-0x000000001041A000-memory.dmp

Filesize
104KB

Download
memory/3524-8-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

Filesize
4KB

Download
memory/3524-6-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/4140-1-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4140-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4140-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4140-7-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download