d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 03:45

Target

d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe
Size

559KB
MD5

4bb1dcd39b08132e970fd8bda9443dd0
SHA1

73f12649f1bb035fdd9f7995febd3640c33b6be6
SHA256

d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71
SHA512

4b87b99c79917cc9371a48e8fb72c8a1faf0a47f0d375fabd0054206503a6450d77e27070196d6d0ed9d27a92e9b55962bcac6a8d9c73e8f31ebd35536c2dc19
SSDEEP

12288:FeXWvkP4Y4o+N69iHXszcVCH77SQp5ea9h1ZodPM1LDSaIjh:OWvHY4oK3szcVCYLM1LDSzjh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
916	756	WerFault.exe	11

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
756	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe

C:\Users\Admin\AppData\Local\Temp\d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe
"C:\Users\Admin\AppData\Local\Temp\d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:756
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 200
  2⤵
  - Program crash
  PID:916

memory/756-56-0x0000000000400000-0x00000000005AE000-memory.dmp

Filesize
1.7MB

Download
memory/756-57-0x0000000000400000-0x00000000005AE000-memory.dmp

Filesize
1.7MB

Download