89dd330cd693c1615affe7f47a9825d428c586a1d72ff23eb4f3cc4442d942de

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 20:00

Target

89dd330cd693c1615affe7f47a9825d428c586a1d72ff23eb4f3cc4442d942de.exe
Size

228KB
MD5

fc108d4e07c544c4361ab7518718c694
SHA1

a403fe890aec797421d36ac08f6c2bb2822566f6
SHA256

89dd330cd693c1615affe7f47a9825d428c586a1d72ff23eb4f3cc4442d942de
SHA512

98e99fb0a85ad9be9ee94634315665a204fd7e0c3c97adb9fc2a2e6ef91c862ca903a20fba7c8192edc7115e3ef378f76dcdf7a8161af560487dca839ad81c47
SSDEEP

3072:PC9JrKnuW3kCFrWsF2eLaFsCiKCoQsZahJSy94sUhz:am13PFKs7aFwKWlSp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1108	1816	WerFault.exe	26

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1816	89dd330cd693c1615affe7f47a9825d428c586a1d72ff23eb4f3cc4442d942de.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1816 wrote to memory of 1108	1816	89dd330cd693c1615affe7f47a9825d428c586a1d72ff23eb4f3cc4442d942de.exe	27
PID 1816 wrote to memory of 1108	1816	89dd330cd693c1615affe7f47a9825d428c586a1d72ff23eb4f3cc4442d942de.exe	27
PID 1816 wrote to memory of 1108	1816	89dd330cd693c1615affe7f47a9825d428c586a1d72ff23eb4f3cc4442d942de.exe	27
PID 1816 wrote to memory of 1108	1816	89dd330cd693c1615affe7f47a9825d428c586a1d72ff23eb4f3cc4442d942de.exe	27

C:\Users\Admin\AppData\Local\Temp\89dd330cd693c1615affe7f47a9825d428c586a1d72ff23eb4f3cc4442d942de.exe
"C:\Users\Admin\AppData\Local\Temp\89dd330cd693c1615affe7f47a9825d428c586a1d72ff23eb4f3cc4442d942de.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1816
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 188
  2⤵
  - Program crash
  PID:1108