9b2e166e69584f44f60b0d8a73335912f90e689ecaa2061afbd637709fba4393

Analysis

max time kernel
139s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 14:31

Target

z43CurriculumVitaeCatalinaMunoz.exe
Size

868KB
MD5

ef31bc60bdbc2ad56005acb7e9f44d55
SHA1

e80ea41015ce8253262a1071f7fa4804d58743b5
SHA256

9b2e166e69584f44f60b0d8a73335912f90e689ecaa2061afbd637709fba4393
SHA512

38d809a37547972b41bc8efe7587eb16ccbdf8fe1ad0b0c66fc7df4760f23757cb5b59c235ae6d148f499bf31f7f32041cc91f9318d4782fcd082f7824bcd984
SSDEEP

12288:Dux504bFtx504bFWxKVdnwr4O1BcjAgRpEk6ZKQlaAXbQPKJUldOHIz37c:qw4bjw4bL3nwr4eBcjlEkgKQRGQE7

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

z43CurriculumVitaeCatalinaMunoz.exe

description pid process target process

PID 4808 set thread context of 652 4808 z43CurriculumVitaeCatalinaMunoz.exe z43CurriculumVitaeCatalinaMunoz.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3200 652 WerFault.exe z43CurriculumVitaeCatalinaMunoz.exe

description	pid	process	target process
PID 4808 set thread context of 652	4808	z43CurriculumVitaeCatalinaMunoz.exe	z43CurriculumVitaeCatalinaMunoz.exe

pid	pid_target	process	target process
3200	652	WerFault.exe	z43CurriculumVitaeCatalinaMunoz.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

z43CurriculumVitaeCatalinaMunoz.exez43CurriculumVitaeCatalinaMunoz.exe

pid	process
4808	z43CurriculumVitaeCatalinaMunoz.exe
4808	z43CurriculumVitaeCatalinaMunoz.exe
652	z43CurriculumVitaeCatalinaMunoz.exe
652	z43CurriculumVitaeCatalinaMunoz.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

z43CurriculumVitaeCatalinaMunoz.exe

description pid process

Token: SeDebugPrivilege 4808 z43CurriculumVitaeCatalinaMunoz.exe

description	pid	process
Token: SeDebugPrivilege	4808	z43CurriculumVitaeCatalinaMunoz.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

z43CurriculumVitaeCatalinaMunoz.exe

description	pid	process	target process
PID 4808 wrote to memory of 1844	4808	z43CurriculumVitaeCatalinaMunoz.exe	z43CurriculumVitaeCatalinaMunoz.exe
PID 4808 wrote to memory of 1844	4808	z43CurriculumVitaeCatalinaMunoz.exe	z43CurriculumVitaeCatalinaMunoz.exe
PID 4808 wrote to memory of 1844	4808	z43CurriculumVitaeCatalinaMunoz.exe	z43CurriculumVitaeCatalinaMunoz.exe
PID 4808 wrote to memory of 652	4808	z43CurriculumVitaeCatalinaMunoz.exe	z43CurriculumVitaeCatalinaMunoz.exe
PID 4808 wrote to memory of 652	4808	z43CurriculumVitaeCatalinaMunoz.exe	z43CurriculumVitaeCatalinaMunoz.exe
PID 4808 wrote to memory of 652	4808	z43CurriculumVitaeCatalinaMunoz.exe	z43CurriculumVitaeCatalinaMunoz.exe
PID 4808 wrote to memory of 652	4808	z43CurriculumVitaeCatalinaMunoz.exe	z43CurriculumVitaeCatalinaMunoz.exe
PID 4808 wrote to memory of 652	4808	z43CurriculumVitaeCatalinaMunoz.exe	z43CurriculumVitaeCatalinaMunoz.exe
PID 4808 wrote to memory of 652	4808	z43CurriculumVitaeCatalinaMunoz.exe	z43CurriculumVitaeCatalinaMunoz.exe

C:\Users\Admin\AppData\Local\Temp\z43CurriculumVitaeCatalinaMunoz.exe
"C:\Users\Admin\AppData\Local\Temp\z43CurriculumVitaeCatalinaMunoz.exe"
2⤵
PID:1844

C:\Users\Admin\AppData\Local\Temp\z43CurriculumVitaeCatalinaMunoz.exe
"C:\Users\Admin\AppData\Local\Temp\z43CurriculumVitaeCatalinaMunoz.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 184
3⤵
- Program crash
PID:3200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 652 -ip 652
1⤵
PID:1340

memory/652-10-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/652-14-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/652-13-0x00000000017F0000-0x0000000001B3A000-memory.dmp

Filesize
3.3MB

Download
memory/4808-6-0x0000000005870000-0x000000000590C000-memory.dmp

Filesize
624KB

Download
memory/4808-4-0x00000000055E0000-0x00000000055EA000-memory.dmp

Filesize
40KB

Download
memory/4808-5-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/4808-0-0x0000000074EAE000-0x0000000074EAF000-memory.dmp

Filesize
4KB

Download
memory/4808-7-0x0000000006310000-0x000000000632A000-memory.dmp

Filesize
104KB

Download
memory/4808-8-0x0000000005610000-0x0000000005620000-memory.dmp

Filesize
64KB

Download
memory/4808-9-0x0000000006780000-0x000000000680A000-memory.dmp

Filesize
552KB

Download
memory/4808-3-0x0000000005620000-0x00000000056B2000-memory.dmp

Filesize
584KB

Download
memory/4808-12-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/4808-2-0x0000000005B30000-0x00000000060D4000-memory.dmp

Filesize
5.6MB

Download
memory/4808-1-0x0000000000B00000-0x0000000000BDC000-memory.dmp

Filesize
880KB

Download