49d02539a291d203ccc6a916fdf245adf7d1b619c870c67ccbeaa5671ef9c590

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 08:40

Target

129a996c4afc0de4f30e39bee8df5bcf.exe
Size

1.2MB
MD5

129a996c4afc0de4f30e39bee8df5bcf
SHA1

898dc0e920f49ae4f267009698f7ff1172e47a15
SHA256

49d02539a291d203ccc6a916fdf245adf7d1b619c870c67ccbeaa5671ef9c590
SHA512

66555dee1c0dabd571f397ed05b33e4a00b01666d12e5963a1a0ed6dd695834f586a4d90ff21a530e85e0f1be029b9b0fee4ce7180e6b6b86948c3217bd2875c
SSDEEP

24576:1mnoopTIXoZax2DqXQ47xWGY/JXhS6nx3CxLmN:1mnna4EQ47Y/JRSi08

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3068 set thread context of 2288	3068	129a996c4afc0de4f30e39bee8df5bcf.exe	89

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1252	2288	WerFault.exe	89
2528	2288	WerFault.exe	89

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2288	3068	129a996c4afc0de4f30e39bee8df5bcf.exe	89
PID 3068 wrote to memory of 2288	3068	129a996c4afc0de4f30e39bee8df5bcf.exe	89
PID 3068 wrote to memory of 2288	3068	129a996c4afc0de4f30e39bee8df5bcf.exe	89
PID 3068 wrote to memory of 2288	3068	129a996c4afc0de4f30e39bee8df5bcf.exe	89
PID 3068 wrote to memory of 2288	3068	129a996c4afc0de4f30e39bee8df5bcf.exe	89
PID 3068 wrote to memory of 2288	3068	129a996c4afc0de4f30e39bee8df5bcf.exe	89
PID 3068 wrote to memory of 2288	3068	129a996c4afc0de4f30e39bee8df5bcf.exe	89
PID 3068 wrote to memory of 2288	3068	129a996c4afc0de4f30e39bee8df5bcf.exe	89
PID 3068 wrote to memory of 2288	3068	129a996c4afc0de4f30e39bee8df5bcf.exe	89
PID 3068 wrote to memory of 2288	3068	129a996c4afc0de4f30e39bee8df5bcf.exe	89

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2288 -ip 2288
1⤵
PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2288 -ip 2288
1⤵
PID:2964

memory/2288-0-0x0000000000400000-0x00000000004F4000-memory.dmp

Filesize
976KB

Download
memory/2288-1-0x0000000000400000-0x00000000004F4000-memory.dmp

Filesize
976KB

Download
memory/2288-2-0x0000000000400000-0x00000000004F4000-memory.dmp

Filesize
976KB

Download
memory/2288-4-0x0000000000400000-0x00000000004F4000-memory.dmp

Filesize
976KB

Download
memory/2288-5-0x0000000000400000-0x00000000004F4000-memory.dmp

Filesize
976KB

Download
memory/2288-3-0x0000000000400000-0x00000000004F4000-memory.dmp

Filesize
976KB

Download
memory/2288-6-0x0000000000400000-0x00000000004F4000-memory.dmp

Filesize
976KB

Download
memory/2288-8-0x0000000000400000-0x00000000004F4000-memory.dmp

Filesize
976KB

Download