dfccdf632aeba9fbd885e8fbf08f48bc68d4f57cc6b714c99d0a49367fd1b780

Analysis

max time kernel
46s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
26/11/2022, 21:54

Target

dfccdf632aeba9fbd885e8fbf08f48bc68d4f57cc6b714c99d0a49367fd1b780.exe
Size

1.0MB
MD5

808a2657c954ab8f4833788d772e01b2
SHA1

bf012d9f1ac685426a58997d57ca13e12c08b40b
SHA256

dfccdf632aeba9fbd885e8fbf08f48bc68d4f57cc6b714c99d0a49367fd1b780
SHA512

5e5d70421823038b27c02d0411a2ee093312b2a798234beea3caa060780152802b8ba1118898527ea1648575e4ce298673a5bcd26e97dcc418485712350f71c2
SSDEEP

24576:4ZCWeS+NXDg6J8fBhXsmjETM/DhV00zUNXEtrRiCMU:XRJNSJhXsmjcMrX1IqMu

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
852	1600	WerFault.exe	26

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1600	dfccdf632aeba9fbd885e8fbf08f48bc68d4f57cc6b714c99d0a49367fd1b780.exe
1600	dfccdf632aeba9fbd885e8fbf08f48bc68d4f57cc6b714c99d0a49367fd1b780.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 852	1600	dfccdf632aeba9fbd885e8fbf08f48bc68d4f57cc6b714c99d0a49367fd1b780.exe	27
PID 1600 wrote to memory of 852	1600	dfccdf632aeba9fbd885e8fbf08f48bc68d4f57cc6b714c99d0a49367fd1b780.exe	27
PID 1600 wrote to memory of 852	1600	dfccdf632aeba9fbd885e8fbf08f48bc68d4f57cc6b714c99d0a49367fd1b780.exe	27
PID 1600 wrote to memory of 852	1600	dfccdf632aeba9fbd885e8fbf08f48bc68d4f57cc6b714c99d0a49367fd1b780.exe	27

C:\Users\Admin\AppData\Local\Temp\dfccdf632aeba9fbd885e8fbf08f48bc68d4f57cc6b714c99d0a49367fd1b780.exe
"C:\Users\Admin\AppData\Local\Temp\dfccdf632aeba9fbd885e8fbf08f48bc68d4f57cc6b714c99d0a49367fd1b780.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 204
  2⤵
  - Program crash
  PID:852