8743c77504595336bbb6e0346ce7db37d03234d139acdca06e35de6cb3b4875b

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
16/08/2023, 20:05 UTC

Target

8743c77504595336bbb6e0346ce7db37d03234d139acdca06e35de6cb3b4875b.exe
Size

4.0MB
MD5

2a6044e0f21f6fc843ec391b4be70322
SHA1

1356af8878b1aa97c079c70442912ca1eaea3578
SHA256

8743c77504595336bbb6e0346ce7db37d03234d139acdca06e35de6cb3b4875b
SHA512

d22bcaefd8ddcbe1305fe650614b7b6a4e67f5e024ad040924769b68191ef786a17a58cbd50bd0ec70a753a4e443ada7ce806568f1d439da145b54f576da75ed
SSDEEP

49152:iiJH9jBiJDe6RvD3E22VXVscK0oKdTH4AUKn8iKfIMKMdIz+s8KuqGaX0ToIBAUQ:LJH1Bixe2Lts6uip5iKIlIJBAUZLz2

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2472	2388	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2388	8743c77504595336bbb6e0346ce7db37d03234d139acdca06e35de6cb3b4875b.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2388	8743c77504595336bbb6e0346ce7db37d03234d139acdca06e35de6cb3b4875b.exe
2388	8743c77504595336bbb6e0346ce7db37d03234d139acdca06e35de6cb3b4875b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2472	2388	8743c77504595336bbb6e0346ce7db37d03234d139acdca06e35de6cb3b4875b.exe	30
PID 2388 wrote to memory of 2472	2388	8743c77504595336bbb6e0346ce7db37d03234d139acdca06e35de6cb3b4875b.exe	30
PID 2388 wrote to memory of 2472	2388	8743c77504595336bbb6e0346ce7db37d03234d139acdca06e35de6cb3b4875b.exe	30
PID 2388 wrote to memory of 2472	2388	8743c77504595336bbb6e0346ce7db37d03234d139acdca06e35de6cb3b4875b.exe	30

C:\Users\Admin\AppData\Local\Temp\8743c77504595336bbb6e0346ce7db37d03234d139acdca06e35de6cb3b4875b.exe
"C:\Users\Admin\AppData\Local\Temp\8743c77504595336bbb6e0346ce7db37d03234d139acdca06e35de6cb3b4875b.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 472
  2⤵
  - Program crash
  PID:2472