464e48a3c905b3aca403fca2176d134306398949125dc7723dcc2aad81588afe

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 16:25

Target

464e48a3c905b3aca403fca2176d134306398949125dc7723dcc2aad81588afe.exe
Size

244KB
MD5

6599d21a56eef0043bfc80910751cd66
SHA1

dc5198d1954fc0dca1c552e8da4102cff6c61de5
SHA256

464e48a3c905b3aca403fca2176d134306398949125dc7723dcc2aad81588afe
SHA512

3acf90be64319293ccfed5be5728c54750f27b13ff56f4366e262c163754bcdda9d0c4c427dc7850b80114cd53ba23e49f6d320aad136f6ac57eecd12d39a8dc
SSDEEP

3072:mBUxH2JTj0V2CdzKHy0UkbN0a8n8K7XborJz15EsLe/BUjGXQ3BDZMT:mBmcv02CdR0U+N0pn8Qo91ZLIBGGB

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1280	1600	WerFault.exe	26

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1600	464e48a3c905b3aca403fca2176d134306398949125dc7723dcc2aad81588afe.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 1280	1600	464e48a3c905b3aca403fca2176d134306398949125dc7723dcc2aad81588afe.exe	27
PID 1600 wrote to memory of 1280	1600	464e48a3c905b3aca403fca2176d134306398949125dc7723dcc2aad81588afe.exe	27
PID 1600 wrote to memory of 1280	1600	464e48a3c905b3aca403fca2176d134306398949125dc7723dcc2aad81588afe.exe	27
PID 1600 wrote to memory of 1280	1600	464e48a3c905b3aca403fca2176d134306398949125dc7723dcc2aad81588afe.exe	27

C:\Users\Admin\AppData\Local\Temp\464e48a3c905b3aca403fca2176d134306398949125dc7723dcc2aad81588afe.exe
"C:\Users\Admin\AppData\Local\Temp\464e48a3c905b3aca403fca2176d134306398949125dc7723dcc2aad81588afe.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 188
  2⤵
  - Program crash
  PID:1280