c5bec757bbcb8ba9a7b84d27b3d34717c289a5000d4b3fe307937719edfd243c

Analysis

max time kernel
92s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 12:57

Target

a32d858257c0013c7f291ff9c312ead6.exe
Size

466KB
MD5

a32d858257c0013c7f291ff9c312ead6
SHA1

8842a6d2e19ce562c9b87da1046b7369fae11ec4
SHA256

c5bec757bbcb8ba9a7b84d27b3d34717c289a5000d4b3fe307937719edfd243c
SHA512

ae64564957eafdb598e753d916ecf1bb655870fb5ee74dcdf1fd57f5baabd84f10a01ef1e2ef3b27fb3d907342d7d63d2dc878d5fc61e75a591654ede538995f
SSDEEP

12288:ul2TzR34llz14UYnaXYMhTjROuLh7SNwMGw5pia:u6oPz0nhk8ud70wMGw

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

a32d858257c0013c7f291ff9c312ead6.exe

description pid process target process

PID 1488 set thread context of 4896 1488 a32d858257c0013c7f291ff9c312ead6.exe a32d858257c0013c7f291ff9c312ead6.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

940 4896 WerFault.exe a32d858257c0013c7f291ff9c312ead6.exe

description	pid	process	target process
PID 1488 set thread context of 4896	1488	a32d858257c0013c7f291ff9c312ead6.exe	a32d858257c0013c7f291ff9c312ead6.exe

pid	pid_target	process	target process
940	4896	WerFault.exe	a32d858257c0013c7f291ff9c312ead6.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

a32d858257c0013c7f291ff9c312ead6.exe

description	pid	process	target process
PID 1488 wrote to memory of 4896	1488	a32d858257c0013c7f291ff9c312ead6.exe	a32d858257c0013c7f291ff9c312ead6.exe
PID 1488 wrote to memory of 4896	1488	a32d858257c0013c7f291ff9c312ead6.exe	a32d858257c0013c7f291ff9c312ead6.exe
PID 1488 wrote to memory of 4896	1488	a32d858257c0013c7f291ff9c312ead6.exe	a32d858257c0013c7f291ff9c312ead6.exe
PID 1488 wrote to memory of 4896	1488	a32d858257c0013c7f291ff9c312ead6.exe	a32d858257c0013c7f291ff9c312ead6.exe
PID 1488 wrote to memory of 4896	1488	a32d858257c0013c7f291ff9c312ead6.exe	a32d858257c0013c7f291ff9c312ead6.exe
PID 1488 wrote to memory of 4896	1488	a32d858257c0013c7f291ff9c312ead6.exe	a32d858257c0013c7f291ff9c312ead6.exe

C:\Users\Admin\AppData\Local\Temp\a32d858257c0013c7f291ff9c312ead6.exe
"C:\Users\Admin\AppData\Local\Temp\a32d858257c0013c7f291ff9c312ead6.exe"
2⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 184
3⤵
- Program crash
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4896 -ip 4896
1⤵
PID:3528

memory/1488-0-0x0000000074DBE000-0x0000000074DBF000-memory.dmp

Filesize
4KB

Download
memory/1488-1-0x0000000000560000-0x00000000005DA000-memory.dmp

Filesize
488KB

Download
memory/1488-2-0x0000000005560000-0x0000000005B04000-memory.dmp

Filesize
5.6MB

Download
memory/1488-3-0x0000000004E90000-0x0000000004F22000-memory.dmp

Filesize
584KB

Download
memory/1488-4-0x0000000074DB0000-0x0000000075560000-memory.dmp

Filesize
7.7MB

Download
memory/1488-5-0x0000000004F90000-0x0000000004F9A000-memory.dmp

Filesize
40KB

Download
memory/1488-6-0x00000000050B0000-0x0000000005126000-memory.dmp

Filesize
472KB

Download
memory/1488-7-0x0000000005240000-0x00000000052DC000-memory.dmp

Filesize
624KB

Download
memory/1488-8-0x0000000005160000-0x0000000005168000-memory.dmp

Filesize
32KB

Download
memory/1488-13-0x0000000074DB0000-0x0000000075560000-memory.dmp

Filesize
7.7MB

Download
memory/4896-10-0x0000000000520000-0x0000000000563000-memory.dmp

Filesize
268KB

Download