d61b425d07766af324f1fca77a057cd4f1a4b150b2ca0b0e22b17f7958edde98

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
18/08/2023, 04:31

Target

d61b425d07766af324f1fca77a057cd4f1a4b150b2ca0b0e22b17f7958edde98.exe
Size

11.5MB
MD5

0143dc5b779883e0ccefd00ddcfa82f7
SHA1

a141a3506fbaa9416f0dd3dc5804b17dfc2867e1
SHA256

d61b425d07766af324f1fca77a057cd4f1a4b150b2ca0b0e22b17f7958edde98
SHA512

645b16c99c837c1383742b5f14e7f31d8955aecbc37d9cf00454d12d74527be8addc75318b825b967085ea07e5ac54a164904ea4874299f0cd41bba3e845ff93
SSDEEP

196608:6Bli2XykeihBWeFXy+IFTYMjcg0+JNNc1ZrLWkX+WmW4s4:PNHcBWeFXOlRjv0+J69LWk3m1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2136	2620	WerFault.exe	27

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2620	d61b425d07766af324f1fca77a057cd4f1a4b150b2ca0b0e22b17f7958edde98.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2620 wrote to memory of 2136	2620	d61b425d07766af324f1fca77a057cd4f1a4b150b2ca0b0e22b17f7958edde98.exe	28
PID 2620 wrote to memory of 2136	2620	d61b425d07766af324f1fca77a057cd4f1a4b150b2ca0b0e22b17f7958edde98.exe	28
PID 2620 wrote to memory of 2136	2620	d61b425d07766af324f1fca77a057cd4f1a4b150b2ca0b0e22b17f7958edde98.exe	28
PID 2620 wrote to memory of 2136	2620	d61b425d07766af324f1fca77a057cd4f1a4b150b2ca0b0e22b17f7958edde98.exe	28

C:\Users\Admin\AppData\Local\Temp\d61b425d07766af324f1fca77a057cd4f1a4b150b2ca0b0e22b17f7958edde98.exe
"C:\Users\Admin\AppData\Local\Temp\d61b425d07766af324f1fca77a057cd4f1a4b150b2ca0b0e22b17f7958edde98.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 284
  2⤵
  - Program crash
  PID:2136