a3baecef561b41d140d8ce957def32318700ae2d87225257dba74119b4e2691e

Analysis

max time kernel
141s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 23:21

Target

1fd8f9c06056f92e371fb7cfd098fa43.exe
Size

92KB
MD5

1fd8f9c06056f92e371fb7cfd098fa43
SHA1

ba16d755ea8d319d639e5a6ce1347391dab25988
SHA256

a3baecef561b41d140d8ce957def32318700ae2d87225257dba74119b4e2691e
SHA512

f73f953c50fcb4e02068a67b2fbe3de83e3883071f32f68acac7803b5d471dd9109cc055304bb9ce46e0f3d4e458b6b05b5b8baaae41f52c53f88ba197223cdf
SSDEEP

1536:/tgQloLYPNqYrlbZAq2YXpR7/MWMCglpryDPvbEhL4rpI3UCy8cDr3bR9qnL1h:VgQFPsEllAq2qzMC+12Zmzkr3bunLf

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

1fd8f9c06056f92e371fb7cfd098fa43.exe

description pid process target process

PID 2672 set thread context of 2292 2672 1fd8f9c06056f92e371fb7cfd098fa43.exe 1fd8f9c06056f92e371fb7cfd098fa43.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2484 2292 WerFault.exe 1fd8f9c06056f92e371fb7cfd098fa43.exe

description	pid	process	target process
PID 2672 set thread context of 2292	2672	1fd8f9c06056f92e371fb7cfd098fa43.exe	1fd8f9c06056f92e371fb7cfd098fa43.exe

pid	pid_target	process	target process
2484	2292	WerFault.exe	1fd8f9c06056f92e371fb7cfd098fa43.exe

Suspicious use of WriteProcessMemory 13 IoCs

Processes:

1fd8f9c06056f92e371fb7cfd098fa43.exe1fd8f9c06056f92e371fb7cfd098fa43.exe

description	pid	process	target process
PID 2672 wrote to memory of 2292	2672	1fd8f9c06056f92e371fb7cfd098fa43.exe	1fd8f9c06056f92e371fb7cfd098fa43.exe
PID 2672 wrote to memory of 2292	2672	1fd8f9c06056f92e371fb7cfd098fa43.exe	1fd8f9c06056f92e371fb7cfd098fa43.exe
PID 2672 wrote to memory of 2292	2672	1fd8f9c06056f92e371fb7cfd098fa43.exe	1fd8f9c06056f92e371fb7cfd098fa43.exe
PID 2672 wrote to memory of 2292	2672	1fd8f9c06056f92e371fb7cfd098fa43.exe	1fd8f9c06056f92e371fb7cfd098fa43.exe
PID 2672 wrote to memory of 2292	2672	1fd8f9c06056f92e371fb7cfd098fa43.exe	1fd8f9c06056f92e371fb7cfd098fa43.exe
PID 2672 wrote to memory of 2292	2672	1fd8f9c06056f92e371fb7cfd098fa43.exe	1fd8f9c06056f92e371fb7cfd098fa43.exe
PID 2672 wrote to memory of 2292	2672	1fd8f9c06056f92e371fb7cfd098fa43.exe	1fd8f9c06056f92e371fb7cfd098fa43.exe
PID 2672 wrote to memory of 2292	2672	1fd8f9c06056f92e371fb7cfd098fa43.exe	1fd8f9c06056f92e371fb7cfd098fa43.exe
PID 2672 wrote to memory of 2292	2672	1fd8f9c06056f92e371fb7cfd098fa43.exe	1fd8f9c06056f92e371fb7cfd098fa43.exe
PID 2292 wrote to memory of 2484	2292	1fd8f9c06056f92e371fb7cfd098fa43.exe	WerFault.exe
PID 2292 wrote to memory of 2484	2292	1fd8f9c06056f92e371fb7cfd098fa43.exe	WerFault.exe
PID 2292 wrote to memory of 2484	2292	1fd8f9c06056f92e371fb7cfd098fa43.exe	WerFault.exe
PID 2292 wrote to memory of 2484	2292	1fd8f9c06056f92e371fb7cfd098fa43.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\1fd8f9c06056f92e371fb7cfd098fa43.exe
"C:\Users\Admin\AppData\Local\Temp\1fd8f9c06056f92e371fb7cfd098fa43.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 44
3⤵
- Program crash
PID:2484

memory/2292-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2292-4-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2292-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2292-6-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2292-5-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2292-8-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2292-10-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2292-11-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download