ce06541dfe6d29b4efd2927ed54fa60838e5640f06a4cfb436ac8590e7f595e1

Analysis

max time kernel
21s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 22:00

Target

ce06541dfe6d29b4efd2927ed54fa60838e5640f06a4cfb436ac8590e7f595e1.exe
Size

572KB
MD5

031b8aac7557711eb465eab991031473
SHA1

457e1848acbcc45d0143838e0081c104f6567fd9
SHA256

ce06541dfe6d29b4efd2927ed54fa60838e5640f06a4cfb436ac8590e7f595e1
SHA512

6ef09efbdb94e5556cd49c7fb46e93cdf9a8db67cb185ddbb0a0f217951b601fb48f86447491806cb6be714c827fdf7d1a8b4b7c452c0a5227fea0e470c27865
SSDEEP

3072:DaKo9DgmEjwasKI+KmHDOZC45X6l3svUvxadt3RCpiEMR0MwI22CbXrbVQqm+syN:x8EmQEQRjOZRX6lnvefCgXR0L2QXrJT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
948	1756	WerFault.exe	20

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1756	ce06541dfe6d29b4efd2927ed54fa60838e5640f06a4cfb436ac8590e7f595e1.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1756	ce06541dfe6d29b4efd2927ed54fa60838e5640f06a4cfb436ac8590e7f595e1.exe
1756	ce06541dfe6d29b4efd2927ed54fa60838e5640f06a4cfb436ac8590e7f595e1.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 948	1756	ce06541dfe6d29b4efd2927ed54fa60838e5640f06a4cfb436ac8590e7f595e1.exe	27
PID 1756 wrote to memory of 948	1756	ce06541dfe6d29b4efd2927ed54fa60838e5640f06a4cfb436ac8590e7f595e1.exe	27
PID 1756 wrote to memory of 948	1756	ce06541dfe6d29b4efd2927ed54fa60838e5640f06a4cfb436ac8590e7f595e1.exe	27
PID 1756 wrote to memory of 948	1756	ce06541dfe6d29b4efd2927ed54fa60838e5640f06a4cfb436ac8590e7f595e1.exe	27

C:\Users\Admin\AppData\Local\Temp\ce06541dfe6d29b4efd2927ed54fa60838e5640f06a4cfb436ac8590e7f595e1.exe
"C:\Users\Admin\AppData\Local\Temp\ce06541dfe6d29b4efd2927ed54fa60838e5640f06a4cfb436ac8590e7f595e1.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 220
  2⤵
  - Program crash
  PID:948

memory/948-55-0x0000000000000000-mapping.dmp

Download
memory/1756-54-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download
memory/1756-56-0x0000000000260000-0x0000000000264000-memory.dmp

Filesize
16KB

Download