437f0974be9900ab6e3a1ef23080c705ddfa0681d7b974dbdd739e5d30af0156

Analysis

max time kernel
22s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 04:49

Target

437f0974be9900ab6e3a1ef23080c705ddfa0681d7b974dbdd739e5d30af0156.exe
Size

33KB
MD5

343c9893c8f53bce6a16c477db32abcb
SHA1

d6b40dbb0914140a50f6ea05d923942e79eee4a5
SHA256

437f0974be9900ab6e3a1ef23080c705ddfa0681d7b974dbdd739e5d30af0156
SHA512

41432a64bf510b263902886d2da1a120b151c8f79ca91ca55a570002f5af03314c021867c91b6e44660c73fb548ceb287286d68e66655738ead18d6a54f323c0
SSDEEP

768:H6kY1SrrV6SmmOmXPpMsXo5SL4uUrAoC8tRkEkA:nrV1HOmXxroCQR1kA

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1488	872	WerFault.exe	19

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
872	437f0974be9900ab6e3a1ef23080c705ddfa0681d7b974dbdd739e5d30af0156.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 1488	872	437f0974be9900ab6e3a1ef23080c705ddfa0681d7b974dbdd739e5d30af0156.exe	27
PID 872 wrote to memory of 1488	872	437f0974be9900ab6e3a1ef23080c705ddfa0681d7b974dbdd739e5d30af0156.exe	27
PID 872 wrote to memory of 1488	872	437f0974be9900ab6e3a1ef23080c705ddfa0681d7b974dbdd739e5d30af0156.exe	27
PID 872 wrote to memory of 1488	872	437f0974be9900ab6e3a1ef23080c705ddfa0681d7b974dbdd739e5d30af0156.exe	27

C:\Users\Admin\AppData\Local\Temp\437f0974be9900ab6e3a1ef23080c705ddfa0681d7b974dbdd739e5d30af0156.exe
"C:\Users\Admin\AppData\Local\Temp\437f0974be9900ab6e3a1ef23080c705ddfa0681d7b974dbdd739e5d30af0156.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 188
  2⤵
  - Program crash
  PID:1488