14c19350ef4a4e886b1b54a33995331d2105fa2af17163a70af0fdaa6be966b7

Analysis

max time kernel
165s
max time network
229s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 16:13

Target

7bd0c585c264236423abb95585c80873.exe
Size

1.2MB
MD5

7bd0c585c264236423abb95585c80873
SHA1

cfcb4aacd474dd20da233aafc5f0f1793dc11cce
SHA256

14c19350ef4a4e886b1b54a33995331d2105fa2af17163a70af0fdaa6be966b7
SHA512

2b97d4d06125cccd43a84ecde951b2e04e3363982a103649a9b0ff3d23b0dd27981c90813cd031935bf21b04ada768ecb890270e918f0511cbfb750e65889ca9
SSDEEP

24576:iMdktVSlvog5hp3gzBCsX1lq7xHZB0bTcpg9ZgYejEzOWa03NHI68mO:iMdkS6IsXkRX0bQEgYe709h8

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3292 set thread context of 772	3292	7bd0c585c264236423abb95585c80873.exe	90

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2916	772	WerFault.exe	90
4580	772	WerFault.exe	90

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3292 wrote to memory of 772	3292	7bd0c585c264236423abb95585c80873.exe	90
PID 3292 wrote to memory of 772	3292	7bd0c585c264236423abb95585c80873.exe	90
PID 3292 wrote to memory of 772	3292	7bd0c585c264236423abb95585c80873.exe	90
PID 3292 wrote to memory of 772	3292	7bd0c585c264236423abb95585c80873.exe	90
PID 3292 wrote to memory of 772	3292	7bd0c585c264236423abb95585c80873.exe	90
PID 3292 wrote to memory of 772	3292	7bd0c585c264236423abb95585c80873.exe	90
PID 3292 wrote to memory of 772	3292	7bd0c585c264236423abb95585c80873.exe	90
PID 3292 wrote to memory of 772	3292	7bd0c585c264236423abb95585c80873.exe	90
PID 3292 wrote to memory of 772	3292	7bd0c585c264236423abb95585c80873.exe	90
PID 3292 wrote to memory of 772	3292	7bd0c585c264236423abb95585c80873.exe	90

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 772 -ip 772
1⤵
PID:380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 772 -ip 772
1⤵
PID:1544

memory/772-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/772-1-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/772-2-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/772-4-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/772-3-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/772-5-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/772-6-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/772-7-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download