15a99db940202303be6f85ccf1557bf0c42ba4f15f00492ad19d7768c89c4d83

Analysis

max time kernel
167s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 04:22

Target

0e57393aab8fb017f044efb1176e5f94.exe
Size

271KB
MD5

0e57393aab8fb017f044efb1176e5f94
SHA1

1cde6b321850ac441925355868bb6f189cbabbe5
SHA256

15a99db940202303be6f85ccf1557bf0c42ba4f15f00492ad19d7768c89c4d83
SHA512

91b64a4bd27e328bd9273860c87833ee34c4f766368a7e98d5982589ebf48cbebef19dc7534b7dbfe9551f4939bac80fb46bb00bb396d8ec325b642b7c7f1c98
SSDEEP

6144:Z0VBygetbV8GKLWRROCBzxCFDieCtxWpt5bJRhb0:2VByd8GKLWZBzmiRtxWXBe

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1744 set thread context of 4636	1744	0e57393aab8fb017f044efb1176e5f94.exe	92

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\paramstr.txt	0e57393aab8fb017f044efb1176e5f94.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2444	4636	WerFault.exe	92

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 4636	1744	0e57393aab8fb017f044efb1176e5f94.exe	92
PID 1744 wrote to memory of 4636	1744	0e57393aab8fb017f044efb1176e5f94.exe	92
PID 1744 wrote to memory of 4636	1744	0e57393aab8fb017f044efb1176e5f94.exe	92
PID 1744 wrote to memory of 4636	1744	0e57393aab8fb017f044efb1176e5f94.exe	92
PID 1744 wrote to memory of 4636	1744	0e57393aab8fb017f044efb1176e5f94.exe	92

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4636 -ip 4636
1⤵
PID:1928

memory/1744-0-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/1744-1-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/4636-3-0x0000000000400000-0x0000000000549000-memory.dmp

Filesize
1.3MB

Download