6767d47b3d23ac7ff737a39ab00b4581f9f99f60dd7e9dd8ed6f2c22c7190c2f

Analysis

max time kernel
7s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 03:47

Target

6767d47b3d23ac7ff737a39ab00b4581f9f99f60dd7e9dd8ed6f2c22c7190c2f.exe
Size

64KB
MD5

67657d344d9ead9c8bc2e06d12b9e6a4
SHA1

dda8b7d9b95ffb9d7613eef1e9bb75ff6f7e8807
SHA256

6767d47b3d23ac7ff737a39ab00b4581f9f99f60dd7e9dd8ed6f2c22c7190c2f
SHA512

d58d0db1f08f945722fda5da3e41dc8f10807ddb2a415606fe10bbbbe5a1c3b453722ccea293025e0b0514d57263e216a4bb87274b83d59b4e657f6d97f9fffd
SSDEEP

1536:fjtWQa+NWAKxFN1Gt5nxY7USbaNsHb6lfZ2G4/or:fVE1M2GmW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1372	1640	WerFault.exe	24

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1640	6767d47b3d23ac7ff737a39ab00b4581f9f99f60dd7e9dd8ed6f2c22c7190c2f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 1372	1640	6767d47b3d23ac7ff737a39ab00b4581f9f99f60dd7e9dd8ed6f2c22c7190c2f.exe	27
PID 1640 wrote to memory of 1372	1640	6767d47b3d23ac7ff737a39ab00b4581f9f99f60dd7e9dd8ed6f2c22c7190c2f.exe	27
PID 1640 wrote to memory of 1372	1640	6767d47b3d23ac7ff737a39ab00b4581f9f99f60dd7e9dd8ed6f2c22c7190c2f.exe	27
PID 1640 wrote to memory of 1372	1640	6767d47b3d23ac7ff737a39ab00b4581f9f99f60dd7e9dd8ed6f2c22c7190c2f.exe	27

C:\Users\Admin\AppData\Local\Temp\6767d47b3d23ac7ff737a39ab00b4581f9f99f60dd7e9dd8ed6f2c22c7190c2f.exe
"C:\Users\Admin\AppData\Local\Temp\6767d47b3d23ac7ff737a39ab00b4581f9f99f60dd7e9dd8ed6f2c22c7190c2f.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 188
  2⤵
  - Program crash
  PID:1372