f01b29d1444ca0b8056959deab9c46cd4c306b173742a8fdb62d3c41a3e8648d

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
18/03/2024, 21:16

Target

d48bba8abc8c9b500833721821ad8cf0.exe
Size

272KB
MD5

d48bba8abc8c9b500833721821ad8cf0
SHA1

6c337fdb905c2d3d69584d0330dc78a1153f4c9b
SHA256

f01b29d1444ca0b8056959deab9c46cd4c306b173742a8fdb62d3c41a3e8648d
SHA512

e231f9ef4981f7aa8d637eec388fb48e3c31dd93ba6034a6c1a6a7921ffc122d65c4fdf78b93352b39e00125ac2019f34b7752a51301f57c5edbadd19d85abc8
SSDEEP

6144:kSkPxDtbmWy6yhZsLw7BgnG7HxIlbkjx+xXuz98I+mVcvD:kSkZFksAd7RIl439DF2

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 840 set thread context of 1888	840	d48bba8abc8c9b500833721821ad8cf0.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2916	1888	WerFault.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
840	d48bba8abc8c9b500833721821ad8cf0.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 1888	840	d48bba8abc8c9b500833721821ad8cf0.exe	28
PID 840 wrote to memory of 1888	840	d48bba8abc8c9b500833721821ad8cf0.exe	28
PID 840 wrote to memory of 1888	840	d48bba8abc8c9b500833721821ad8cf0.exe	28
PID 840 wrote to memory of 1888	840	d48bba8abc8c9b500833721821ad8cf0.exe	28
PID 840 wrote to memory of 1888	840	d48bba8abc8c9b500833721821ad8cf0.exe	28
PID 840 wrote to memory of 1888	840	d48bba8abc8c9b500833721821ad8cf0.exe	28
PID 840 wrote to memory of 1888	840	d48bba8abc8c9b500833721821ad8cf0.exe	28
PID 840 wrote to memory of 1888	840	d48bba8abc8c9b500833721821ad8cf0.exe	28
PID 840 wrote to memory of 1888	840	d48bba8abc8c9b500833721821ad8cf0.exe	28
PID 840 wrote to memory of 1888	840	d48bba8abc8c9b500833721821ad8cf0.exe	28
PID 840 wrote to memory of 1888	840	d48bba8abc8c9b500833721821ad8cf0.exe	28
PID 840 wrote to memory of 1888	840	d48bba8abc8c9b500833721821ad8cf0.exe	28
PID 840 wrote to memory of 1888	840	d48bba8abc8c9b500833721821ad8cf0.exe	28
PID 1888 wrote to memory of 2916	1888	cmd.exe	29
PID 1888 wrote to memory of 2916	1888	cmd.exe	29
PID 1888 wrote to memory of 2916	1888	cmd.exe	29
PID 1888 wrote to memory of 2916	1888	cmd.exe	29

memory/1888-2-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1888-4-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1888-6-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1888-8-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1888-10-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1888-12-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1888-14-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1888-16-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1888-18-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1888-22-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1888-21-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1888-20-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1888-24-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download