b251da63a18b504d74376b2da5615f9a8dbb3b5158d016579c408479c7aad6c9

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2024, 15:11

Target

de4eded2e90077a3e3f664a8502b4ca8.exe
Size

641KB
MD5

de4eded2e90077a3e3f664a8502b4ca8
SHA1

a8f070c82b4b28d4759225c2de21ea5023da293f
SHA256

b251da63a18b504d74376b2da5615f9a8dbb3b5158d016579c408479c7aad6c9
SHA512

a1f7109fd26b068927f559bb18705444f0ef1347e6b4fe979d1536a663c0a3a4b7869d644df798792cdfcb680d7097c8effacdaa24d609e8a6646fec2c52efc1
SSDEEP

12288:5fIq3QM09m07Hb+74bewH4tC/Awm79xtLS4I70M7vvH/kdX0OTiVqk:5fIyn0lS74bnYtJwm79xVSx3E0OOVt

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
5044	de4eded2e90077a3e3f664a8502b4ca8.exe
5044	de4eded2e90077a3e3f664a8502b4ca8.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5100	5044	WerFault.exe	86

C:\Users\Admin\AppData\Local\Temp\de4eded2e90077a3e3f664a8502b4ca8.exe
"C:\Users\Admin\AppData\Local\Temp\de4eded2e90077a3e3f664a8502b4ca8.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:5044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 488
  2⤵
  - Program crash
  PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5044 -ip 5044
1⤵
PID:4792

memory/5044-0-0x0000000000400000-0x00000000004DBEAD-memory.dmp

Filesize
879KB

Download
memory/5044-1-0x00000000004C3000-0x00000000004DC000-memory.dmp

Filesize
100KB

Download
memory/5044-2-0x00000000004C3000-0x00000000004DC000-memory.dmp

Filesize
100KB

Download
memory/5044-3-0x0000000000400000-0x00000000004DBEAD-memory.dmp

Filesize
879KB

Download