504aba9ffc85b963c92b2725c54b2f16e8dca913b5dbe2b7d75786eee3692a38

Analysis

max time kernel
148s
max time network
202s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2022 09:08

Target

©ɱ/077.exe
Size

110KB
MD5

21d8ecd57783294141cf648361b6e170
SHA1

61ddd9abf3a2985ce57e7ba164f35be7acfa0d60
SHA256

45aa4f7c452193b44964e1c6d5fd9219f69a9c2d031db3a9620b059247831615
SHA512

6f5d83619bf173305fe66ae1c88c69c6c892ba70b12dc5be4cfeb7518ddbe6f1a3f4773bf179aee2d74a71578bf9b83216367212883dfa105f5f4951d1b2dc5f
SSDEEP

1536:B+VbfAE8hMRhkzM0r+A7EjbXUlfu4C8WIBI+rDfiv4lqXJSLwjw/tJFAZtqg:IVb4EUMszMsjHbWIFrDnqZc/tJFAZz

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2184 1668 WerFault.exe 077.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

077.exe

pid process

1668 077.exe

pid	pid_target	process	target process
2184	1668	WerFault.exe	077.exe

pid	process
1668	077.exe

C:\Users\Admin\AppData\Local\Temp\©ɱ\077.exe
"C:\Users\Admin\AppData\Local\Temp\©ɱ\077.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 384
2⤵
- Program crash
PID:2184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1668 -ip 1668
1⤵
PID:2492