66e214dc1be37b684a7c4bc4019ccc969276d4a9bbb33f178da1e4be0025aa5d

Analysis

max time kernel
146s
max time network
85s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2024 20:14

Target

3dc7c6be3f52b0085d638cf697cbf5a8.exe
Size

36KB
MD5

3dc7c6be3f52b0085d638cf697cbf5a8
SHA1

d8dd2bceb212c3aa0705a299c68e00bee0a90386
SHA256

66e214dc1be37b684a7c4bc4019ccc969276d4a9bbb33f178da1e4be0025aa5d
SHA512

0e81cb930c16aa1e48ea0d6aa42f8eb665862490cada07ef8e7e9ef481de1efc7da44ccc2dbc03a243a1e6829e23757c2aad4536768bd2d1d2ed0425e2054d4c
SSDEEP

768:BLlqpWmqNebg3lMXHPJgSrOP5UcEOwYYd/N/h0mlFZVQrjWK:xlqpWmIebIlM3PWS8U6uZ00Qr

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1328 set thread context of 1144	1328	3dc7c6be3f52b0085d638cf697cbf5a8.exe	23

Program crash 1 IoCs

pid	pid_target	Process
2660	1144	WerFault.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1328	3dc7c6be3f52b0085d638cf697cbf5a8.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 1144	1328	3dc7c6be3f52b0085d638cf697cbf5a8.exe	23
PID 1328 wrote to memory of 1144	1328	3dc7c6be3f52b0085d638cf697cbf5a8.exe	23
PID 1328 wrote to memory of 1144	1328	3dc7c6be3f52b0085d638cf697cbf5a8.exe	23
PID 1328 wrote to memory of 1144	1328	3dc7c6be3f52b0085d638cf697cbf5a8.exe	23
PID 1328 wrote to memory of 1144	1328	3dc7c6be3f52b0085d638cf697cbf5a8.exe	23
PID 1328 wrote to memory of 1144	1328	3dc7c6be3f52b0085d638cf697cbf5a8.exe	23
PID 1328 wrote to memory of 1144	1328	3dc7c6be3f52b0085d638cf697cbf5a8.exe	23
PID 1328 wrote to memory of 1144	1328	3dc7c6be3f52b0085d638cf697cbf5a8.exe	23

C:\Users\Admin\AppData\Local\Temp\3dc7c6be3f52b0085d638cf697cbf5a8.exe
"C:\Users\Admin\AppData\Local\Temp\3dc7c6be3f52b0085d638cf697cbf5a8.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Users\Admin\AppData\Local\Temp\3dc7c6be3f52b0085d638cf697cbf5a8.exe
  "C:\Users\Admin\AppData\Local\Temp\3dc7c6be3f52b0085d638cf697cbf5a8.exe"
  2⤵
  PID:1144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1144 -ip 1144
1⤵
PID:3032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 364
1⤵
- Program crash
PID:2660

memory/1144-6-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/1144-4-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/1144-8-0x0000000000400000-0x0000000000403200-memory.dmp

Filesize
12KB

Download
memory/1328-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1328-7-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download