322fe7fb755d71347f07497396077fdddb5946d457258c89e0612f8162798149

Analysis

max time kernel
35s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 20:29

Target

322fe7fb755d71347f07497396077fdddb5946d457258c89e0612f8162798149.exe
Size

231KB
MD5

96e0bc59d959c250f1b27cb8c5201768
SHA1

7c31c254e39484c67a599b87de67de644edcff2b
SHA256

322fe7fb755d71347f07497396077fdddb5946d457258c89e0612f8162798149
SHA512

65b299dabc68f11eb47426860016d72217a00433220a81d764e6b57d4d4c3d1e92dc18a8dcb7059014e6d93f7f4b66ca208e8293e6e76ede0f42d74b57ad255b
SSDEEP

3072:nqE2b+8CqzpkagX7cUwUAZ/B/PGk8ahfpPJmtFDRB/ueBht9B:l2K8Cq9kao7CXGkNxpRcn/uAZ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
880	1908	WerFault.exe	27

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1908	322fe7fb755d71347f07497396077fdddb5946d457258c89e0612f8162798149.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 880	1908	322fe7fb755d71347f07497396077fdddb5946d457258c89e0612f8162798149.exe	28
PID 1908 wrote to memory of 880	1908	322fe7fb755d71347f07497396077fdddb5946d457258c89e0612f8162798149.exe	28
PID 1908 wrote to memory of 880	1908	322fe7fb755d71347f07497396077fdddb5946d457258c89e0612f8162798149.exe	28
PID 1908 wrote to memory of 880	1908	322fe7fb755d71347f07497396077fdddb5946d457258c89e0612f8162798149.exe	28
PID 1908 wrote to memory of 880	1908	322fe7fb755d71347f07497396077fdddb5946d457258c89e0612f8162798149.exe	28
PID 1908 wrote to memory of 880	1908	322fe7fb755d71347f07497396077fdddb5946d457258c89e0612f8162798149.exe	28
PID 1908 wrote to memory of 880	1908	322fe7fb755d71347f07497396077fdddb5946d457258c89e0612f8162798149.exe	28

C:\Users\Admin\AppData\Local\Temp\322fe7fb755d71347f07497396077fdddb5946d457258c89e0612f8162798149.exe
"C:\Users\Admin\AppData\Local\Temp\322fe7fb755d71347f07497396077fdddb5946d457258c89e0612f8162798149.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 352
  2⤵
  - Program crash
  PID:880

memory/880-55-0x0000000000000000-mapping.dmp

Download
memory/1908-54-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download