c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470

Analysis

max time kernel
150s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 23:10

Target

c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe
Size

3.4MB
MD5

f51c649edeedcb1e8ffc9a79eff86816
SHA1

ae8f6aab757e1539b427a7151f406da178e7bc02
SHA256

c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470
SHA512

8ada88562d95a25eff6371b3ea269996d1e1a7203f641beb1c851cb5f1b6cc52a16f941cfbd8c8d5c443a8558c43ec6e5746dfe160cd906dc12a1ddf1c254124
SSDEEP

3072:3g64yo/pjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjq:QfzE

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
3940	ActiveLphe.ini

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft\ActiveLphe.ini	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe
File created	C:\Windows\Microsoft\ActiveLphe.ini	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3320	3940	WerFault.exe	80
1604	3940	WerFault.exe	80

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
440	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe
440	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
440	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe
3940	ActiveLphe.ini
3940	ActiveLphe.ini

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 440 wrote to memory of 3940	440	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe	80
PID 440 wrote to memory of 3940	440	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe	80
PID 440 wrote to memory of 3940	440	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe	80
PID 3940 wrote to memory of 3320	3940	ActiveLphe.ini	84
PID 3940 wrote to memory of 3320	3940	ActiveLphe.ini	84
PID 3940 wrote to memory of 3320	3940	ActiveLphe.ini	84

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3940 -ip 3940
1⤵
PID:4844

C:\Installs

Filesize
102B

MD5
d4522b0cfda2ba9ef85770a7d029860b

SHA1
be63514ab7c172e4a52c10c1cec1ae2f4138a5ca

SHA256
7794040a6a5e979955e34afe9b3496e9793eb39a451b63937d3341450138a96f

SHA512
a10399a99fa6277ce9f30b52a4cd88655d117fb1408b670dfbf30ed9f01e44b85820d807ba20986ec85efe9c21cdbaa0c31906af16e0e7d7a2a568c365ad4ad3

Download Submit
C:\Windows\Microsoft\ActiveLphe.ini

Filesize
13.3MB

MD5
0f215dbd303a2fb3a9db2f9a5ee398ba

SHA1
aba5f5b6a8d95dc025fd3206591a30acf0175662

SHA256
87314c75b0f53a4e8d67fa8a9b1872587744dc06e75dfe8ebe909aa3ad2fcb8e

SHA512
bef37d776b1e06c47089f6b7284f4e22aced5582690fccd8418645c0f5f52d5d029fd7990b0ef9e6895da949d77c0af4ce78f7de35c9419929289d61eb85654a

Download Submit
C:\Windows\Microsoft\ActiveLphe.ini

Filesize
13.3MB

MD5
0f215dbd303a2fb3a9db2f9a5ee398ba

SHA1
aba5f5b6a8d95dc025fd3206591a30acf0175662

SHA256
87314c75b0f53a4e8d67fa8a9b1872587744dc06e75dfe8ebe909aa3ad2fcb8e

SHA512
bef37d776b1e06c47089f6b7284f4e22aced5582690fccd8418645c0f5f52d5d029fd7990b0ef9e6895da949d77c0af4ce78f7de35c9419929289d61eb85654a

Download Submit
memory/3320-136-0x0000000000000000-mapping.dmp

Download
memory/3940-132-0x0000000000000000-mapping.dmp

Download