e5860ac419fd36694021fe48f46e53b7a91120465e0c8c7404fd14e0edd43be1

Analysis

max time kernel
144s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
03-02-2024 23:56

Target

8db27d4bb1deeb7cf2b502d8641aa4fd.exe
Size

92KB
MD5

8db27d4bb1deeb7cf2b502d8641aa4fd
SHA1

6d2479a0e2093c7b1b9cb2fdf7973945c58e7e72
SHA256

e5860ac419fd36694021fe48f46e53b7a91120465e0c8c7404fd14e0edd43be1
SHA512

33cb0dfe341660cb2f6e3f50ca91759d7fa31a85a0e7156ca29b858d23e6b41eff723daa2f2587092479871f1ea221710520b80317f8212852a2d0d5f1784b31
SSDEEP

1536:/tgQloLYPNqYrljyHEty4Vmgxy6kkJGLl2G1n4oM2lo+5J8ZRtQZVc+Bq+b5SI7s:VgQFPsEljNty4VB86kkJGLZr3ZjE+f7s

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

8db27d4bb1deeb7cf2b502d8641aa4fd.exe

description pid process target process

PID 1172 set thread context of 1880 1172 8db27d4bb1deeb7cf2b502d8641aa4fd.exe 8db27d4bb1deeb7cf2b502d8641aa4fd.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3684 1880 WerFault.exe 8db27d4bb1deeb7cf2b502d8641aa4fd.exe

description	pid	process	target process
PID 1172 set thread context of 1880	1172	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe

pid	pid_target	process	target process
3684	1880	WerFault.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

8db27d4bb1deeb7cf2b502d8641aa4fd.exe

description	pid	process	target process
PID 1172 wrote to memory of 1880	1172	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe
PID 1172 wrote to memory of 1880	1172	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe
PID 1172 wrote to memory of 1880	1172	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe
PID 1172 wrote to memory of 1880	1172	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe
PID 1172 wrote to memory of 1880	1172	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe
PID 1172 wrote to memory of 1880	1172	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe
PID 1172 wrote to memory of 1880	1172	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe
PID 1172 wrote to memory of 1880	1172	8db27d4bb1deeb7cf2b502d8641aa4fd.exe	8db27d4bb1deeb7cf2b502d8641aa4fd.exe

C:\Users\Admin\AppData\Local\Temp\8db27d4bb1deeb7cf2b502d8641aa4fd.exe
"C:\Users\Admin\AppData\Local\Temp\8db27d4bb1deeb7cf2b502d8641aa4fd.exe"
2⤵
PID:1880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 364
3⤵
- Program crash
PID:3684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1880 -ip 1880
1⤵
PID:2224

memory/1880-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1880-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1880-1-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1880-3-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download