237389b054d69ff0e7ff30d54acbc560aa8534aa0b46d025c70be2b5e8b0f03c

Analysis

max time kernel
91s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 02:29

Target

8dfe45d1b22291a8b5dc380891bd59b4.exe
Size

1.3MB
MD5

8dfe45d1b22291a8b5dc380891bd59b4
SHA1

50a8547d0859677e8e6514e94f99f61b9f5d1bc1
SHA256

237389b054d69ff0e7ff30d54acbc560aa8534aa0b46d025c70be2b5e8b0f03c
SHA512

9f65bbe829b37f98bda2309910a21105f18ca6bb1ed052e23c5b74dec1bd6e79f647957ba6f9b9000ad0f12896e9ad7e51795e80ab0f36890b731519a2d51c8e
SSDEEP

24576:eXO93poEu4pCkao1bNQfSyNGXTYGwwKCWiBe+I351KDsTXY8vZ6Qe4:eMZoANNbyNGjW8u5MsTXY8vfx

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1168 set thread context of 2012	1168	8dfe45d1b22291a8b5dc380891bd59b4.exe	85

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4240	2012	WerFault.exe	85
536	2012	WerFault.exe	85

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 2012	1168	8dfe45d1b22291a8b5dc380891bd59b4.exe	85
PID 1168 wrote to memory of 2012	1168	8dfe45d1b22291a8b5dc380891bd59b4.exe	85
PID 1168 wrote to memory of 2012	1168	8dfe45d1b22291a8b5dc380891bd59b4.exe	85
PID 1168 wrote to memory of 2012	1168	8dfe45d1b22291a8b5dc380891bd59b4.exe	85
PID 1168 wrote to memory of 2012	1168	8dfe45d1b22291a8b5dc380891bd59b4.exe	85
PID 1168 wrote to memory of 2012	1168	8dfe45d1b22291a8b5dc380891bd59b4.exe	85
PID 1168 wrote to memory of 2012	1168	8dfe45d1b22291a8b5dc380891bd59b4.exe	85
PID 1168 wrote to memory of 2012	1168	8dfe45d1b22291a8b5dc380891bd59b4.exe	85
PID 1168 wrote to memory of 2012	1168	8dfe45d1b22291a8b5dc380891bd59b4.exe	85
PID 1168 wrote to memory of 2012	1168	8dfe45d1b22291a8b5dc380891bd59b4.exe	85

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2012 -ip 2012
1⤵
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2012 -ip 2012
1⤵
PID:3448

memory/2012-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2012-1-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2012-2-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2012-3-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2012-4-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2012-5-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2012-6-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2012-7-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download