0d7669576551e6fb7e62d8bb8c0f1d9ab8231c43325d37f60e790a3a976b441a

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2023, 13:55

Target

c29f3cb08dfc72exeexeexeex.exe
Size

240KB
MD5

c29f3cb08dfc72b2aca3188152def760
SHA1

c8b06cc2c1d0181f07dc31610abec7adea5d9af9
SHA256

0d7669576551e6fb7e62d8bb8c0f1d9ab8231c43325d37f60e790a3a976b441a
SHA512

aa81442eb2ea04a2448dfecb6e4b2566132511d8507ae85662a0f4ee64abbafdc9d0c709998a3093db7128d96d9259793116529e18df98b72520461bfd536db2
SSDEEP

3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4876	.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\.exe	c29f3cb08dfc72exeexeexeex.exe
File opened for modification	C:\Program Files\.exe	c29f3cb08dfc72exeexeexeex.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2864	364	WerFault.exe	82
1104	364	WerFault.exe	82

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 364 wrote to memory of 4876	364	c29f3cb08dfc72exeexeexeex.exe	84
PID 364 wrote to memory of 4876	364	c29f3cb08dfc72exeexeexeex.exe	84
PID 364 wrote to memory of 4876	364	c29f3cb08dfc72exeexeexeex.exe	84

C:\Users\Admin\AppData\Local\Temp\c29f3cb08dfc72exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\c29f3cb08dfc72exeexeexeex.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:364
- C:\Program Files\.exe
  "C:\Program Files\\.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4876
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 1012
  2⤵
  - Program crash
  PID:2864
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 1040
  2⤵
  - Program crash
  PID:1104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 364 -ip 364
1⤵
PID:2764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 364 -ip 364
1⤵
PID:3408

C:\Program Files\.exe

Filesize
240KB

MD5
cd8c2293e526d7f83217f29f3f04882e

SHA1
022161be7093b31f896e2977e2bf9a1484b68da5

SHA256
c12c7c614746b82c8dec7fbc82e62a5eacd32dc3e253691adc42dbfc0b252db4

SHA512
e75797d8643450ca9493042f69a774043782003047a3f47200943ec6fa8114ac1513a081ffad68b4e80769d2260876938c31aaedad3c6e884b7c7b3566ee8633

Download Submit
C:\Program Files\.exe

Filesize
240KB

MD5
cd8c2293e526d7f83217f29f3f04882e

SHA1
022161be7093b31f896e2977e2bf9a1484b68da5

SHA256
c12c7c614746b82c8dec7fbc82e62a5eacd32dc3e253691adc42dbfc0b252db4

SHA512
e75797d8643450ca9493042f69a774043782003047a3f47200943ec6fa8114ac1513a081ffad68b4e80769d2260876938c31aaedad3c6e884b7c7b3566ee8633

Download Submit