7439111fa238df419733904ed63fb0eca88347694a1fba69506a3f574fdaf466

Analysis

max time kernel
317s
max time network
393s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 21:29

Target

7439111fa238df419733904ed63fb0eca88347694a1fba69506a3f574fdaf466.exe
Size

104KB
MD5

f3d818b61c4bfef75ca22e0efe5c6043
SHA1

f6a63d40b6f34a75fe563fed8261b9ce6b2ce515
SHA256

7439111fa238df419733904ed63fb0eca88347694a1fba69506a3f574fdaf466
SHA512

b3c261816c8c93da4e310bcd432e0b86678e6a293318e77ef689662eb9f4a26e68337672ce185dcd6783091e48354124121508710e26cc9790e9808eda8b4a5e
SSDEEP

1536:oOT48hGDRLT8ZJYfZ2PwXGvVh1FbZUODWe3mTU7j:PT48CtT+J0APwXGvVh1vUOCkmTU7j

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1292	tmp.tmp.tmp1

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\tmp.tmp.tmp1	7439111fa238df419733904ed63fb0eca88347694a1fba69506a3f574fdaf466.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1524	1292	WerFault.exe	82

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4360	7439111fa238df419733904ed63fb0eca88347694a1fba69506a3f574fdaf466.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4360 wrote to memory of 1292	4360	7439111fa238df419733904ed63fb0eca88347694a1fba69506a3f574fdaf466.exe	82
PID 4360 wrote to memory of 1292	4360	7439111fa238df419733904ed63fb0eca88347694a1fba69506a3f574fdaf466.exe	82
PID 4360 wrote to memory of 1292	4360	7439111fa238df419733904ed63fb0eca88347694a1fba69506a3f574fdaf466.exe	82
PID 1292 wrote to memory of 1524	1292	tmp.tmp.tmp1	85
PID 1292 wrote to memory of 1524	1292	tmp.tmp.tmp1	85
PID 1292 wrote to memory of 1524	1292	tmp.tmp.tmp1	85

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1292 -ip 1292
1⤵
PID:2396

C:\Windows\tmp.tmp.tmp1

Filesize
76KB

MD5
11c554312bfd64073f2b19e659a59e96

SHA1
061435a014199f70119d58a5d6ac822741979010

SHA256
46b0e36860d0af1e1aa3da7204465a04586cce8fc01cfe0627cd9db188195f27

SHA512
c3bcd54825aa92cceb0dd85c9bb18f90a605070ca11fc344bb04df2ff0c2580eb79c995a4240727be5903baaed78e21cad74db2ec56959a81f1ac333508e2565

Download Submit
C:\Windows\tmp.tmp.tmp1

Filesize
76KB

MD5
11c554312bfd64073f2b19e659a59e96

SHA1
061435a014199f70119d58a5d6ac822741979010

SHA256
46b0e36860d0af1e1aa3da7204465a04586cce8fc01cfe0627cd9db188195f27

SHA512
c3bcd54825aa92cceb0dd85c9bb18f90a605070ca11fc344bb04df2ff0c2580eb79c995a4240727be5903baaed78e21cad74db2ec56959a81f1ac333508e2565

Download Submit