35bd76f1ea80501a62efa589f3aaed415f5b3f8d2711aa2067362416982b174d

Analysis

max time kernel
44s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
24/11/2022, 06:08

Target

35bd76f1ea80501a62efa589f3aaed415f5b3f8d2711aa2067362416982b174d.exe
Size

224KB
MD5

2cc246c1c26cb38fb9d4e45865a33425
SHA1

1278b1872c3cdf867e2ccec57acdef11d61bb7a8
SHA256

35bd76f1ea80501a62efa589f3aaed415f5b3f8d2711aa2067362416982b174d
SHA512

f8d866e1fcfd85976234bc534b0129887bb2701ed599681603c89abb6d399c5c388d56aa46019f94ca176b19df7743ec26d66a1774c41b46eafee382e236d692
SSDEEP

3072:v89MwCi4hB2TN/KkSe9imGrbzn+3ZuC3QUlRdSwfMWDUAe:v89MwCi4hB2TN/KI9FGy3Zu0gd

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1108	1816	WerFault.exe	26

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1816	35bd76f1ea80501a62efa589f3aaed415f5b3f8d2711aa2067362416982b174d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1816 wrote to memory of 1108	1816	35bd76f1ea80501a62efa589f3aaed415f5b3f8d2711aa2067362416982b174d.exe	27
PID 1816 wrote to memory of 1108	1816	35bd76f1ea80501a62efa589f3aaed415f5b3f8d2711aa2067362416982b174d.exe	27
PID 1816 wrote to memory of 1108	1816	35bd76f1ea80501a62efa589f3aaed415f5b3f8d2711aa2067362416982b174d.exe	27
PID 1816 wrote to memory of 1108	1816	35bd76f1ea80501a62efa589f3aaed415f5b3f8d2711aa2067362416982b174d.exe	27

C:\Users\Admin\AppData\Local\Temp\35bd76f1ea80501a62efa589f3aaed415f5b3f8d2711aa2067362416982b174d.exe
"C:\Users\Admin\AppData\Local\Temp\35bd76f1ea80501a62efa589f3aaed415f5b3f8d2711aa2067362416982b174d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1816
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 188
  2⤵
  - Program crash
  PID:1108