ccf0fa69dfe550851d455092c8b239827c7496b79739ff8d43e1b1bc81eb2cd0

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 21:15

Target

4731fc3837423e50c6ca4814df421ef2.exe
Size

145KB
MD5

4731fc3837423e50c6ca4814df421ef2
SHA1

3d9638e86beca21ed54d60810d1ed218ad50576f
SHA256

ccf0fa69dfe550851d455092c8b239827c7496b79739ff8d43e1b1bc81eb2cd0
SHA512

00a4c9ab1ecc4e087582720a22da6de30c0bffc17fbd782ce003a9397a04b36fbaee8b624383cb5b9a79e6ec11354319557fe89b09a9e14fd31e50e078346e5d
SSDEEP

3072:iPKwtuRRJtr4RwSkgpWdIxaOirOLgY4luteMds8VwuNNJTHeHwtjhDnYjs9:ioRE0IxcIteMds8Vwubp+QfY

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 428 set thread context of 528	428	4731fc3837423e50c6ca4814df421ef2.exe	94

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4788	528	WerFault.exe	94

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 428 wrote to memory of 528	428	4731fc3837423e50c6ca4814df421ef2.exe	94
PID 428 wrote to memory of 528	428	4731fc3837423e50c6ca4814df421ef2.exe	94
PID 428 wrote to memory of 528	428	4731fc3837423e50c6ca4814df421ef2.exe	94
PID 428 wrote to memory of 528	428	4731fc3837423e50c6ca4814df421ef2.exe	94
PID 428 wrote to memory of 528	428	4731fc3837423e50c6ca4814df421ef2.exe	94

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 528 -ip 528
1⤵
PID:1288

memory/428-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/528-0-0x0000000001000000-0x0000000001013000-memory.dmp

Filesize
76KB

Download