5a5fbb78cd15218065048f4142b2e67f4ad961624368661cf399c433724f2fa7

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-07-2023 12:32

Target

497aadd5eedd1fexeexeexeex.exe
Size

239KB
MD5

497aadd5eedd1f125075969c5aff1b86
SHA1

2a2c1768a82f5bcf7c9adb1313fb29b52427ccde
SHA256

5a5fbb78cd15218065048f4142b2e67f4ad961624368661cf399c433724f2fa7
SHA512

20c9b55426873da846161db93103ae4e7da09dd076700b7498242849e675366036ded4f66d4ce0e36d2bfce8a6a8371dd05dd07b7aeadeafb4ed1b2b8f9b6414
SSDEEP

3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2352	previous.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\instead\previous.exe	497aadd5eedd1fexeexeexeex.exe
File opened for modification	C:\Program Files\instead\previous.exe	497aadd5eedd1fexeexeexeex.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2432	32	WerFault.exe	82
2740	32	WerFault.exe	82

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 32 wrote to memory of 2352	32	497aadd5eedd1fexeexeexeex.exe	84
PID 32 wrote to memory of 2352	32	497aadd5eedd1fexeexeexeex.exe	84
PID 32 wrote to memory of 2352	32	497aadd5eedd1fexeexeexeex.exe	84

C:\Users\Admin\AppData\Local\Temp\497aadd5eedd1fexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\497aadd5eedd1fexeexeexeex.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:32
- C:\Program Files\instead\previous.exe
  "C:\Program Files\instead\previous.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2352
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 32 -s 1040
  2⤵
  - Program crash
  PID:2432
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 32 -s 1100
  2⤵
  - Program crash
  PID:2740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 32 -ip 32
1⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 32 -ip 32
1⤵
PID:2316

C:\Program Files\instead\previous.exe

Filesize
239KB

MD5
867e2503f0d591a96d1b5b4bb1795239

SHA1
22c8328b44d3af4fd318632ff374070c0135ea45

SHA256
db103991dddbfdc4636bdc49bc678125552d81f3613dc2074bc6a4eb391fef7b

SHA512
3995b5137ce52761b9573b041f60a8bbf44a292851e6665feca393e09e70b7e80a3a99455a004e4ecf98396d8ddc9e221c0db65b0ebdfebe4d7a10cfa22ae05e

Download Submit
C:\Program Files\instead\previous.exe

Filesize
239KB

MD5
867e2503f0d591a96d1b5b4bb1795239

SHA1
22c8328b44d3af4fd318632ff374070c0135ea45

SHA256
db103991dddbfdc4636bdc49bc678125552d81f3613dc2074bc6a4eb391fef7b

SHA512
3995b5137ce52761b9573b041f60a8bbf44a292851e6665feca393e09e70b7e80a3a99455a004e4ecf98396d8ddc9e221c0db65b0ebdfebe4d7a10cfa22ae05e

Download Submit