132457087d89b60ec3fcccafeee4c779f2cfda3d5a2bee233e5fdb04eb885370

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
08/10/2023, 13:21

Target

132457087d89b60ec3fcccafeee4c779f2cfda3d5a2bee233e5fdb04eb885370.exe
Size

2.3MB
MD5

95054516c3be431b2470f7d068a4d555
SHA1

aa39766baa0bc36f31194e0985c8f0d8bfb10e54
SHA256

132457087d89b60ec3fcccafeee4c779f2cfda3d5a2bee233e5fdb04eb885370
SHA512

71301d8840b83ab4a9155a8c4cadf8f42fb1787ecb9382f875e7b0fa496c82dca91cedf0de9bbc8d630abe1a49679e831ae99a6bf06c4e09349c5d3a86eff3d8
SSDEEP

49152:Po39aKLgsgZj3F4+s8KuqGaX0ToIBAUZLYB:A3YKLfgZFJBAUZLm

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2700	1560	WerFault.exe	27

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1560	132457087d89b60ec3fcccafeee4c779f2cfda3d5a2bee233e5fdb04eb885370.exe
1560	132457087d89b60ec3fcccafeee4c779f2cfda3d5a2bee233e5fdb04eb885370.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1560 wrote to memory of 2700	1560	132457087d89b60ec3fcccafeee4c779f2cfda3d5a2bee233e5fdb04eb885370.exe	29
PID 1560 wrote to memory of 2700	1560	132457087d89b60ec3fcccafeee4c779f2cfda3d5a2bee233e5fdb04eb885370.exe	29
PID 1560 wrote to memory of 2700	1560	132457087d89b60ec3fcccafeee4c779f2cfda3d5a2bee233e5fdb04eb885370.exe	29
PID 1560 wrote to memory of 2700	1560	132457087d89b60ec3fcccafeee4c779f2cfda3d5a2bee233e5fdb04eb885370.exe	29

C:\Users\Admin\AppData\Local\Temp\132457087d89b60ec3fcccafeee4c779f2cfda3d5a2bee233e5fdb04eb885370.exe
"C:\Users\Admin\AppData\Local\Temp\132457087d89b60ec3fcccafeee4c779f2cfda3d5a2bee233e5fdb04eb885370.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1560
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 296
  2⤵
  - Program crash
  PID:2700