e15a97fae1f969cad8aa7169698d6b1abfb55e2bd20d5c69ab58dca76110d608

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 18:53

Target

35ee2f6b6d71008d976f49c7028e2189.exe
Size

178KB
MD5

35ee2f6b6d71008d976f49c7028e2189
SHA1

1b523d55a0f1d3d1235a59580e3932ca84208203
SHA256

e15a97fae1f969cad8aa7169698d6b1abfb55e2bd20d5c69ab58dca76110d608
SHA512

5e5b1e6a320406f236914d151901e6d26e632be5aefe88924a6087e15847c83ad195c284dfdb92b028598e5af891dfd9ee6dec7c4d71fbd6a6bb156fe2cd0a60
SSDEEP

3072:hnKloR4GuxDN2jt9S/0JTSnEX9aGlJ9siUu:TeGuxQjrS/Qmq

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2140 set thread context of 2548	2140	35ee2f6b6d71008d976f49c7028e2189.exe	22

Program crash 1 IoCs

pid	pid_target	Process
2088	2548	WerFault.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2548	2140	35ee2f6b6d71008d976f49c7028e2189.exe	22
PID 2140 wrote to memory of 2548	2140	35ee2f6b6d71008d976f49c7028e2189.exe	22
PID 2140 wrote to memory of 2548	2140	35ee2f6b6d71008d976f49c7028e2189.exe	22
PID 2140 wrote to memory of 2548	2140	35ee2f6b6d71008d976f49c7028e2189.exe	22
PID 2140 wrote to memory of 2548	2140	35ee2f6b6d71008d976f49c7028e2189.exe	22
PID 2140 wrote to memory of 2548	2140	35ee2f6b6d71008d976f49c7028e2189.exe	22
PID 2140 wrote to memory of 2548	2140	35ee2f6b6d71008d976f49c7028e2189.exe	22
PID 2140 wrote to memory of 2548	2140	35ee2f6b6d71008d976f49c7028e2189.exe	22
PID 2140 wrote to memory of 2548	2140	35ee2f6b6d71008d976f49c7028e2189.exe	22
PID 2548 wrote to memory of 2088	2548	35ee2f6b6d71008d976f49c7028e2189.exe	21
PID 2548 wrote to memory of 2088	2548	35ee2f6b6d71008d976f49c7028e2189.exe	21
PID 2548 wrote to memory of 2088	2548	35ee2f6b6d71008d976f49c7028e2189.exe	21
PID 2548 wrote to memory of 2088	2548	35ee2f6b6d71008d976f49c7028e2189.exe	21

C:\Users\Admin\AppData\Local\Temp\35ee2f6b6d71008d976f49c7028e2189.exe
"C:\Users\Admin\AppData\Local\Temp\35ee2f6b6d71008d976f49c7028e2189.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Users\Admin\AppData\Local\Temp\35ee2f6b6d71008d976f49c7028e2189.exe
  "C:\Users\Admin\AppData\Local\Temp\35ee2f6b6d71008d976f49c7028e2189.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 116
1⤵
- Program crash
PID:2088

memory/2140-0-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2140-14-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2140-6-0x0000000006310000-0x000000000633D000-memory.dmp

Filesize
180KB

Download
memory/2548-12-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2548-16-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2548-15-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2548-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2548-8-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2548-5-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2548-3-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2548-1-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download