6377b70e1ea5e7a40ced3fc8bb99814cbdcddfbb8fe98e3692a39ed62c0296da

Analysis

max time kernel
121s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2024 12:13

Target

3cd3aa1a614792a9bc3b914eee34760a.exe
Size

626KB
MD5

3cd3aa1a614792a9bc3b914eee34760a
SHA1

6e4c4f97c3bdfd87fde7b3d63a30ca0ebb231cc6
SHA256

6377b70e1ea5e7a40ced3fc8bb99814cbdcddfbb8fe98e3692a39ed62c0296da
SHA512

6efc5ceaad84e85545791998bef435ffcc99c49ed7a0986b1d5607f4046e17a3abb95a592a4f732c8783a290d18fdddac57a6ae41610ef62492fce46db9d7b19
SSDEEP

12288:TeA+TpDWF0TjqSTKXk49SCjUliBqKvIwqWrw1hDRCGv/6/C9Y:TFi5E0T7KXt93jUwBpwdKw1lrvC/CY

Score

5^/10

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2264 set thread context of 336	2264	3cd3aa1a614792a9bc3b914eee34760a.exe	25
PID 2264 set thread context of 1380	2264	3cd3aa1a614792a9bc3b914eee34760a.exe	20

Program crash 2 IoCs

pid	pid_target	Process
4724	336	WerFault.exe
2176	1380	WerFault.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 336	2264	3cd3aa1a614792a9bc3b914eee34760a.exe	25
PID 2264 wrote to memory of 336	2264	3cd3aa1a614792a9bc3b914eee34760a.exe	25
PID 2264 wrote to memory of 336	2264	3cd3aa1a614792a9bc3b914eee34760a.exe	25
PID 2264 wrote to memory of 336	2264	3cd3aa1a614792a9bc3b914eee34760a.exe	25
PID 2264 wrote to memory of 336	2264	3cd3aa1a614792a9bc3b914eee34760a.exe	25
PID 2264 wrote to memory of 1380	2264	3cd3aa1a614792a9bc3b914eee34760a.exe	20
PID 2264 wrote to memory of 1380	2264	3cd3aa1a614792a9bc3b914eee34760a.exe	20
PID 2264 wrote to memory of 1380	2264	3cd3aa1a614792a9bc3b914eee34760a.exe	20
PID 2264 wrote to memory of 1380	2264	3cd3aa1a614792a9bc3b914eee34760a.exe	20
PID 2264 wrote to memory of 1380	2264	3cd3aa1a614792a9bc3b914eee34760a.exe	20

C:\Users\Admin\AppData\Local\Temp\3cd3aa1a614792a9bc3b914eee34760a.exe
"C:\Users\Admin\AppData\Local\Temp\3cd3aa1a614792a9bc3b914eee34760a.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Users\Admin\AppData\Local\Temp\3cd3aa1a614792a9bc3b914eee34760a.exe
  "C:\Users\Admin\AppData\Local\Temp\3cd3aa1a614792a9bc3b914eee34760a.exe"
  2⤵
  PID:1380
- C:\Users\Admin\AppData\Local\Temp\3cd3aa1a614792a9bc3b914eee34760a.exe
  "C:\Users\Admin\AppData\Local\Temp\3cd3aa1a614792a9bc3b914eee34760a.exe"
  2⤵
  PID:336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 336 -ip 336
1⤵
PID:4668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1380 -ip 1380
1⤵
PID:1812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 12
1⤵
- Program crash
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 12
1⤵
- Program crash
PID:2176

memory/336-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/336-2-0x0000000013140000-0x0000000013140000-memory.dmp

Download
memory/1380-1-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/2264-4-0x0000000013140000-0x00000000131E4000-memory.dmp

Filesize
656KB

Download