08e9f0d66dad3fcdc2fa3eb6027410161c1e65cbeb4491cb94111a3778322e0f

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 23:51

Target

07998a29511247e848fdf49fa4bbb15e.exe
Size

33KB
MD5

07998a29511247e848fdf49fa4bbb15e
SHA1

4fbab8650e8f71b6078c51acbfa43fb35c87126a
SHA256

08e9f0d66dad3fcdc2fa3eb6027410161c1e65cbeb4491cb94111a3778322e0f
SHA512

5bb447b8bee3853b518e14e89289c8ab01b9e630e76b39c71f549af80a027d16210f6b540248edee984f739527d9905335af980883cff7789d11ae12c0aecae1
SSDEEP

384:MAhdXsruX/zMKzYwpFoWqFQydBoX6Fn3XpMSCDE045pbYww6FVq1qLuNrKyTSWH:jhdGuoSox7dBoX6d3XpqA+Z1iYWyTSW

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1520 set thread context of 2768	1520	07998a29511247e848fdf49fa4bbb15e.exe	16

Program crash 1 IoCs

pid	pid_target	Process
2752	2768	WerFault.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1520	07998a29511247e848fdf49fa4bbb15e.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 2768	1520	07998a29511247e848fdf49fa4bbb15e.exe	16
PID 1520 wrote to memory of 2768	1520	07998a29511247e848fdf49fa4bbb15e.exe	16
PID 1520 wrote to memory of 2768	1520	07998a29511247e848fdf49fa4bbb15e.exe	16
PID 1520 wrote to memory of 2768	1520	07998a29511247e848fdf49fa4bbb15e.exe	16
PID 1520 wrote to memory of 2768	1520	07998a29511247e848fdf49fa4bbb15e.exe	16
PID 1520 wrote to memory of 2768	1520	07998a29511247e848fdf49fa4bbb15e.exe	16
PID 1520 wrote to memory of 2768	1520	07998a29511247e848fdf49fa4bbb15e.exe	16
PID 1520 wrote to memory of 2768	1520	07998a29511247e848fdf49fa4bbb15e.exe	16
PID 1520 wrote to memory of 2768	1520	07998a29511247e848fdf49fa4bbb15e.exe	16
PID 2768 wrote to memory of 2752	2768	07998a29511247e848fdf49fa4bbb15e.exe	15
PID 2768 wrote to memory of 2752	2768	07998a29511247e848fdf49fa4bbb15e.exe	15
PID 2768 wrote to memory of 2752	2768	07998a29511247e848fdf49fa4bbb15e.exe	15
PID 2768 wrote to memory of 2752	2768	07998a29511247e848fdf49fa4bbb15e.exe	15

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 44
1⤵
- Program crash
PID:2752

C:\Users\Admin\AppData\Local\Temp\07998a29511247e848fdf49fa4bbb15e.exe
C:\Users\Admin\AppData\Local\Temp\07998a29511247e848fdf49fa4bbb15e.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:2768

memory/2768-4-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2768-19-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2768-18-0x0000000000400000-0x000000000040434A-memory.dmp

Filesize
16KB

Download
memory/2768-16-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2768-13-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2768-12-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2768-9-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2768-6-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2768-2-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2768-20-0x0000000000400000-0x000000000040434A-memory.dmp

Filesize
16KB

Download