e5860ac419fd36694021fe48f46e53b7a91120465e0c8c7404fd14e0edd43be1

Analysis

max time kernel
143s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03-02-2024 23:56

Target

8db27d4bb1deeb7cf2b502d8641aa4fd.exe
Size

92KB
MD5

8db27d4bb1deeb7cf2b502d8641aa4fd
SHA1

6d2479a0e2093c7b1b9cb2fdf7973945c58e7e72
SHA256

e5860ac419fd36694021fe48f46e53b7a91120465e0c8c7404fd14e0edd43be1
SHA512

33cb0dfe341660cb2f6e3f50ca91759d7fa31a85a0e7156ca29b858d23e6b41eff723daa2f2587092479871f1ea221710520b80317f8212852a2d0d5f1784b31
SSDEEP

1536:/tgQloLYPNqYrljyHEty4Vmgxy6kkJGLl2G1n4oM2lo+5J8ZRtQZVc+Bq+b5SI7s:VgQFPsEljNty4VB86kkJGLZr3ZjE+f7s

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

8db27d4bb1deeb7cf2b502d8641aa4fd.exe

description pid process target process

PID 2232 set thread context of 1880 2232 8db27d4bb1deeb7cf2b502d8641aa4fd.exe 8db27d4bb1deeb7cf2b502d8641aa4fd.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2332 1880 WerFault.exe 8db27d4bb1deeb7cf2b502d8641aa4fd.exe

description	pid	process	target process
PID 2232 set thread context of 1880	2232	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe

pid	pid_target	process	target process
2332	1880	WerFault.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe

Suspicious use of WriteProcessMemory 13 IoCs

Processes:

8db27d4bb1deeb7cf2b502d8641aa4fd.exe8db27d4bb1deeb7cf2b502d8641aa4fd.exe

description	pid	process	target process
PID 2232 wrote to memory of 1880	2232	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe
PID 2232 wrote to memory of 1880	2232	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe
PID 2232 wrote to memory of 1880	2232	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe
PID 2232 wrote to memory of 1880	2232	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe
PID 2232 wrote to memory of 1880	2232	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe
PID 2232 wrote to memory of 1880	2232	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe
PID 2232 wrote to memory of 1880	2232	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe
PID 2232 wrote to memory of 1880	2232	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe
PID 2232 wrote to memory of 1880	2232	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe
PID 1880 wrote to memory of 2332	1880	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	WerFault.exe
PID 1880 wrote to memory of 2332	1880	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	WerFault.exe
PID 1880 wrote to memory of 2332	1880	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	WerFault.exe
PID 1880 wrote to memory of 2332	1880	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\8db27d4bb1deeb7cf2b502d8641aa4fd.exe
"C:\Users\Admin\AppData\Local\Temp\8db27d4bb1deeb7cf2b502d8641aa4fd.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:1880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 44
3⤵
- Program crash
PID:2332

memory/1880-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1880-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1880-4-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1880-6-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1880-5-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1880-8-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1880-10-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1880-11-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download