2028db8966934bf9df329178f82cf4b73efbd766ce5c89fd239551a5f7277cfb

Analysis

max time kernel
0s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 16:54

Target

2ec84c7f64eb5fc8d2f19d5f39a81528.exe
Size

1.3MB
MD5

2ec84c7f64eb5fc8d2f19d5f39a81528
SHA1

8a8b58ca7a5b20a17c9bd5954345b8fa1d2aa389
SHA256

2028db8966934bf9df329178f82cf4b73efbd766ce5c89fd239551a5f7277cfb
SHA512

418fa81f5a31d89562ab810164266ef391b9490ba752a85d3151c3941369336854f9c651ea16a05c6ea220c16fce939e1ce54777342367e7cce90e6ae72d2d2f
SSDEEP

24576:dpyhP5RFFrSEyFPu8JR9ksaQFCLwbLflBPb:ayFPu8D9k5QELuLz

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3716 set thread context of 2224	3716	2ec84c7f64eb5fc8d2f19d5f39a81528.exe	20

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1364	2224	WerFault.exe	20
3048	2224	WerFault.exe	20

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3716 wrote to memory of 2224	3716	2ec84c7f64eb5fc8d2f19d5f39a81528.exe	20
PID 3716 wrote to memory of 2224	3716	2ec84c7f64eb5fc8d2f19d5f39a81528.exe	20
PID 3716 wrote to memory of 2224	3716	2ec84c7f64eb5fc8d2f19d5f39a81528.exe	20
PID 3716 wrote to memory of 2224	3716	2ec84c7f64eb5fc8d2f19d5f39a81528.exe	20
PID 3716 wrote to memory of 2224	3716	2ec84c7f64eb5fc8d2f19d5f39a81528.exe	20
PID 3716 wrote to memory of 2224	3716	2ec84c7f64eb5fc8d2f19d5f39a81528.exe	20
PID 3716 wrote to memory of 2224	3716	2ec84c7f64eb5fc8d2f19d5f39a81528.exe	20
PID 3716 wrote to memory of 2224	3716	2ec84c7f64eb5fc8d2f19d5f39a81528.exe	20
PID 3716 wrote to memory of 2224	3716	2ec84c7f64eb5fc8d2f19d5f39a81528.exe	20
PID 3716 wrote to memory of 2224	3716	2ec84c7f64eb5fc8d2f19d5f39a81528.exe	20

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2224 -ip 2224
1⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2224 -ip 2224
1⤵
PID:2680

memory/2224-1-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2224-2-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2224-4-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2224-5-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2224-3-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2224-6-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2224-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2224-7-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download