c4912dd9a55fc0580456e29060859c7fe380dd8e1cc1d79645c56065dc7d807c

Analysis

max time kernel
39s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 10:44

Target

c4912dd9a55fc0580456e29060859c7fe380dd8e1cc1d79645c56065dc7d807c.exe
Size

200KB
MD5

583437ff9ea3334229ab678e4a7a5d65
SHA1

caff256a0298a9fdce5ec2bd1a63aa8ff3927046
SHA256

c4912dd9a55fc0580456e29060859c7fe380dd8e1cc1d79645c56065dc7d807c
SHA512

aa1e50fb27eab15f5a13abf13e84826afe89fb00190f4826f268c95428dcf2a72f3ae6dca89da4fe8acda62ee90582875910b2999fa472e47b56ee0c74f8c432
SSDEEP

6144:vm6o9TlpWymPBeaSAOJ+7xi5eRed63qaCR8nIBKJ:Or7LmPBeaSAOJ+7xi5eRed63qaC0

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1304	1208	WerFault.exe	26

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1208	c4912dd9a55fc0580456e29060859c7fe380dd8e1cc1d79645c56065dc7d807c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 1304	1208	c4912dd9a55fc0580456e29060859c7fe380dd8e1cc1d79645c56065dc7d807c.exe	27
PID 1208 wrote to memory of 1304	1208	c4912dd9a55fc0580456e29060859c7fe380dd8e1cc1d79645c56065dc7d807c.exe	27
PID 1208 wrote to memory of 1304	1208	c4912dd9a55fc0580456e29060859c7fe380dd8e1cc1d79645c56065dc7d807c.exe	27
PID 1208 wrote to memory of 1304	1208	c4912dd9a55fc0580456e29060859c7fe380dd8e1cc1d79645c56065dc7d807c.exe	27

C:\Users\Admin\AppData\Local\Temp\c4912dd9a55fc0580456e29060859c7fe380dd8e1cc1d79645c56065dc7d807c.exe
"C:\Users\Admin\AppData\Local\Temp\c4912dd9a55fc0580456e29060859c7fe380dd8e1cc1d79645c56065dc7d807c.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 196
  2⤵
  - Program crash
  PID:1304