128c23a754e9ea439a29cf2de85919f711e69f2c66bd61334e187f64b7cb8644

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2023 16:21

Target

3c792b4323e3edexeexeexeex.exe
Size

241KB
MD5

3c792b4323e3edf4b07bba34f471a7e6
SHA1

0a2bd52eb023927c306be850a6ddc7b3e49e49f6
SHA256

128c23a754e9ea439a29cf2de85919f711e69f2c66bd61334e187f64b7cb8644
SHA512

c4b702420f2ce548f176c64d477c2ca22b61b21141c71ebe44e48a986c52eff2a34622306dc91e20b9c2d3899ecacab041df035bfa6469a6ffd8c34d0ab81258
SSDEEP

3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4216	having.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\without\having.exe	3c792b4323e3edexeexeexeex.exe
File opened for modification	C:\Program Files\without\having.exe	3c792b4323e3edexeexeexeex.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4420	4984	WerFault.exe	85
4892	4984	WerFault.exe	85

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 4216	4984	3c792b4323e3edexeexeexeex.exe	87
PID 4984 wrote to memory of 4216	4984	3c792b4323e3edexeexeexeex.exe	87
PID 4984 wrote to memory of 4216	4984	3c792b4323e3edexeexeexeex.exe	87

C:\Users\Admin\AppData\Local\Temp\3c792b4323e3edexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\3c792b4323e3edexeexeexeex.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Program Files\without\having.exe
  "C:\Program Files\without\having.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4216
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 1044
  2⤵
  - Program crash
  PID:4420
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 1020
  2⤵
  - Program crash
  PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4984 -ip 4984
1⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4984 -ip 4984
1⤵
PID:4356

C:\Program Files\without\having.exe

Filesize
241KB

MD5
8bad5332d121a5ea0bbeb54754fa79aa

SHA1
88e66a917d6a22e768d9434b6c037a5689919c0a

SHA256
d53693ff21ef7b605d424c07c1cfe5df4b4eac244b661c639b80e227fa2733f3

SHA512
ca7889405c7ca9af83e4e12cfa34de7f375294f4f72968e28addcfa897497bb84285867c13432e43c3529fe9068fc117045f45700b35ebd6cd109b71c6dad411

Download Submit
C:\Program Files\without\having.exe

Filesize
241KB

MD5
8bad5332d121a5ea0bbeb54754fa79aa

SHA1
88e66a917d6a22e768d9434b6c037a5689919c0a

SHA256
d53693ff21ef7b605d424c07c1cfe5df4b4eac244b661c639b80e227fa2733f3

SHA512
ca7889405c7ca9af83e4e12cfa34de7f375294f4f72968e28addcfa897497bb84285867c13432e43c3529fe9068fc117045f45700b35ebd6cd109b71c6dad411

Download Submit