4c5ae07738e2ddf31f25f1244551f1dfe36c571fa1b93470a3fd6befb1a57bb8

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 10:21

Target

15c0c2ce25e4f02d026c60b6dc58b166.exe
Size

344KB
MD5

15c0c2ce25e4f02d026c60b6dc58b166
SHA1

2164a4b678d6bbc8a7948a623da40c42f3d10309
SHA256

4c5ae07738e2ddf31f25f1244551f1dfe36c571fa1b93470a3fd6befb1a57bb8
SHA512

5820add84401e41961d7e8ea33bb2c2b21be4894f242b3309e5825d319edbdc6683a9448f09f5091e210cd2e02e38e3025bcacb1a1dcae0136f234d825ca09bb
SSDEEP

3072:X99UZTQXyZYrG7mEKx/tnq3YuVFr3jW8v6fxVQYGXTBmANksb7c9Xtr3hvB99BFO:p8vExOjjVc9XtrtcIFW

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
628	852E.tmp

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4212 set thread context of 2168	4212	15c0c2ce25e4f02d026c60b6dc58b166.exe	94

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1140	628	WerFault.exe	91
1368	2168	WerFault.exe	94
456	2168	WerFault.exe	94

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4212	15c0c2ce25e4f02d026c60b6dc58b166.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4212 wrote to memory of 2168	4212	15c0c2ce25e4f02d026c60b6dc58b166.exe	94
PID 4212 wrote to memory of 2168	4212	15c0c2ce25e4f02d026c60b6dc58b166.exe	94
PID 4212 wrote to memory of 2168	4212	15c0c2ce25e4f02d026c60b6dc58b166.exe	94
PID 4212 wrote to memory of 2168	4212	15c0c2ce25e4f02d026c60b6dc58b166.exe	94
PID 4212 wrote to memory of 2168	4212	15c0c2ce25e4f02d026c60b6dc58b166.exe	94
PID 4212 wrote to memory of 2168	4212	15c0c2ce25e4f02d026c60b6dc58b166.exe	94
PID 4212 wrote to memory of 2168	4212	15c0c2ce25e4f02d026c60b6dc58b166.exe	94
PID 4212 wrote to memory of 2168	4212	15c0c2ce25e4f02d026c60b6dc58b166.exe	94
PID 4212 wrote to memory of 2168	4212	15c0c2ce25e4f02d026c60b6dc58b166.exe	94
PID 4212 wrote to memory of 2168	4212	15c0c2ce25e4f02d026c60b6dc58b166.exe	94
PID 4212 wrote to memory of 2168	4212	15c0c2ce25e4f02d026c60b6dc58b166.exe	94
PID 2168 wrote to memory of 628	2168	15c0c2ce25e4f02d026c60b6dc58b166.exe	91
PID 2168 wrote to memory of 628	2168	15c0c2ce25e4f02d026c60b6dc58b166.exe	91
PID 2168 wrote to memory of 628	2168	15c0c2ce25e4f02d026c60b6dc58b166.exe	91

C:\Users\Admin\AppData\Local\Temp\852E.tmp
C:\Users\Admin\AppData\Local\Temp\852E.tmp
1⤵
- Executes dropped EXE
PID:628
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 488
  2⤵
  - Program crash
  PID:1140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2168 -ip 2168
1⤵
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 628 -ip 628
1⤵
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2168 -ip 2168
1⤵
PID:4652

memory/628-13-0x0000000000400000-0x0000000000402200-memory.dmp

Filesize
8KB

Download
memory/2168-3-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2168-6-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2168-7-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2168-5-0x0000000000400000-0x000000000040F2B0-memory.dmp

Filesize
60KB

Download
memory/2168-12-0x0000000000400000-0x000000000040F2B0-memory.dmp

Filesize
60KB

Download
memory/2168-16-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4212-0-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download