864ab1a3252b5629040b7b9b2efda4c8172180158d11bb6704fca332fd2650a9

Analysis

max time kernel
142s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 12:45

Target

369c5bf7de0116ea4efb94241f5156e9.exe
Size

86KB
MD5

369c5bf7de0116ea4efb94241f5156e9
SHA1

2fa216c6953134ead71b3272eb3f9a4e662d0a00
SHA256

864ab1a3252b5629040b7b9b2efda4c8172180158d11bb6704fca332fd2650a9
SHA512

de952f29f99fa50bf1566c2a06a85782bb286ed45b864585e04000a4fcafd1edcde40fae4b5d834c70ab276529f9c7f73f1f49eafa519308a02a9716426d9546
SSDEEP

1536:1bqTQxBrGVnH5y6YDKvYJKvNr14eqNGxO4Rqu2tQhVe:eUdSnHQ6nvYox9qNGxO4oae

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 836 set thread context of 2308	836	369c5bf7de0116ea4efb94241f5156e9.exe	16

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2392	836	WerFault.exe	14

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 2308	836	369c5bf7de0116ea4efb94241f5156e9.exe	16
PID 836 wrote to memory of 2308	836	369c5bf7de0116ea4efb94241f5156e9.exe	16
PID 836 wrote to memory of 2308	836	369c5bf7de0116ea4efb94241f5156e9.exe	16
PID 836 wrote to memory of 2308	836	369c5bf7de0116ea4efb94241f5156e9.exe	16
PID 836 wrote to memory of 2308	836	369c5bf7de0116ea4efb94241f5156e9.exe	16
PID 836 wrote to memory of 2308	836	369c5bf7de0116ea4efb94241f5156e9.exe	16
PID 836 wrote to memory of 2392	836	369c5bf7de0116ea4efb94241f5156e9.exe	15
PID 836 wrote to memory of 2392	836	369c5bf7de0116ea4efb94241f5156e9.exe	15
PID 836 wrote to memory of 2392	836	369c5bf7de0116ea4efb94241f5156e9.exe	15
PID 836 wrote to memory of 2392	836	369c5bf7de0116ea4efb94241f5156e9.exe	15

C:\Users\Admin\AppData\Local\Temp\369c5bf7de0116ea4efb94241f5156e9.exe
"C:\Users\Admin\AppData\Local\Temp\369c5bf7de0116ea4efb94241f5156e9.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:836
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 176
  2⤵
  - Program crash
  PID:2392
- C:\Users\Admin\AppData\Local\Temp\369c5bf7de0116ea4efb94241f5156e9.exe
  C:\Users\Admin\AppData\Local\Temp\369c5bf7de0116ea4efb94241f5156e9.exe
  2⤵
  PID:2308

memory/836-6-0x0000000050010000-0x000000005002F000-memory.dmp

Filesize
124KB

Download
memory/2308-2-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2308-5-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2308-4-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2308-0-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download