4903d7f9b9efe5c15315ba9cf2783a895d97a89795cb3c354b30a9c7af08af00

Analysis

max time kernel
140s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2023, 17:23

Target

44311721be798cexeexeexeex.exe
Size

240KB
MD5

44311721be798c45e60d0056ef9dd65c
SHA1

4e1301df16a07ee73b9fcd5ea38da9cb84fb781a
SHA256

4903d7f9b9efe5c15315ba9cf2783a895d97a89795cb3c354b30a9c7af08af00
SHA512

de8db9c0081c781417fe2e58d38cd84b1feb5f1bb9df9d4fe13e1f7df84d094658bfba940789ac6b02db2c2288bde0b4cb7ef45163430928e9f03245a5af8cd0
SSDEEP

3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3532	.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\.exe	44311721be798cexeexeexeex.exe
File opened for modification	C:\Program Files\.exe	44311721be798cexeexeexeex.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1288	3732	WerFault.exe	55
1940	3732	WerFault.exe	55

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3732 wrote to memory of 3532	3732	44311721be798cexeexeexeex.exe	84
PID 3732 wrote to memory of 3532	3732	44311721be798cexeexeexeex.exe	84
PID 3732 wrote to memory of 3532	3732	44311721be798cexeexeexeex.exe	84

C:\Users\Admin\AppData\Local\Temp\44311721be798cexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\44311721be798cexeexeexeex.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3732
- C:\Program Files\.exe
  "C:\Program Files\\.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3532
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 1000
  2⤵
  - Program crash
  PID:1288
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 1020
  2⤵
  - Program crash
  PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3732 -ip 3732
1⤵
PID:3096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3732 -ip 3732
1⤵
PID:3272

C:\Program Files\.exe

Filesize
240KB

MD5
d1f2ff8421cb462cfa71d35cd888fe93

SHA1
1518af96a00e8783a83072b160c21e54617d67c9

SHA256
e10a0f9ef6b19b6dbc5374d48133a0f66f7ef580525c12d19379c289a43bc938

SHA512
aa3474bfd8641d46c4125b2f2cef50eab5a8a0455d0013a49caf981bee61c74f5fe2735195247cbda3e3952cd941263437eb22594c70737e1d4adb550e62be43

Download Submit
C:\Program Files\.exe

Filesize
240KB

MD5
d1f2ff8421cb462cfa71d35cd888fe93

SHA1
1518af96a00e8783a83072b160c21e54617d67c9

SHA256
e10a0f9ef6b19b6dbc5374d48133a0f66f7ef580525c12d19379c289a43bc938

SHA512
aa3474bfd8641d46c4125b2f2cef50eab5a8a0455d0013a49caf981bee61c74f5fe2735195247cbda3e3952cd941263437eb22594c70737e1d4adb550e62be43

Download Submit