c64bab69557d30b346a4d8c5a7f74c1a5c5a486996fa3ffd260dc96b731e228e

Analysis

max time kernel
184s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 05:32

Target

c64bab69557d30b346a4d8c5a7f74c1a5c5a486996fa3ffd260dc96b731e228e.exe
Size

318KB
MD5

05b775810a77a06fa4f07e5b90e0a3db
SHA1

fd0464b57a8c92a03dfa1edb5a2044e2de9b8804
SHA256

c64bab69557d30b346a4d8c5a7f74c1a5c5a486996fa3ffd260dc96b731e228e
SHA512

c9af46f64782d68f3588be245fb883a31f75561eb851f56f68ad6d04a96ebf3871fb0ad937f79d3906a35ed63878473b2e2628a3b7a10e4f2e7d7bd70d7c4afe
SSDEEP

6144:SbtRwVGdTt8quIfu0mKt9sWa2qqoz+4mkm1TfMkbC:ydB8cfu0qWa2kz+3jF5bC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2196	716	WerFault.exe	81

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
716	c64bab69557d30b346a4d8c5a7f74c1a5c5a486996fa3ffd260dc96b731e228e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 716 wrote to memory of 5000	716	c64bab69557d30b346a4d8c5a7f74c1a5c5a486996fa3ffd260dc96b731e228e.exe	83
PID 716 wrote to memory of 5000	716	c64bab69557d30b346a4d8c5a7f74c1a5c5a486996fa3ffd260dc96b731e228e.exe	83
PID 716 wrote to memory of 5000	716	c64bab69557d30b346a4d8c5a7f74c1a5c5a486996fa3ffd260dc96b731e228e.exe	83
PID 716 wrote to memory of 5000	716	c64bab69557d30b346a4d8c5a7f74c1a5c5a486996fa3ffd260dc96b731e228e.exe	83

C:\Users\Admin\AppData\Local\Temp\c64bab69557d30b346a4d8c5a7f74c1a5c5a486996fa3ffd260dc96b731e228e.exe
"C:\Users\Admin\AppData\Local\Temp\c64bab69557d30b346a4d8c5a7f74c1a5c5a486996fa3ffd260dc96b731e228e.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:716
- C:\Users\Admin\AppData\Local\Temp\c64bab69557d30b346a4d8c5a7f74c1a5c5a486996fa3ffd260dc96b731e228e.exe
  "C:\Users\Admin\AppData\Local\Temp\c64bab69557d30b346a4d8c5a7f74c1a5c5a486996fa3ffd260dc96b731e228e.exe"
  2⤵
  PID:5000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 716 -s 472
  2⤵
  - Program crash
  PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 716 -ip 716
1⤵
PID:5080