5870ae38c54f68af174459d54c3c87c4577ee0746093e40f416892dc9139d654

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 03:05

Target

5870ae38c54f68af174459d54c3c87c4577ee0746093e40f416892dc9139d654.exe
Size

3.3MB
MD5

33d328f68b6f9f8d217fe228eafa7e2d
SHA1

ae1f1865393d96c21a46f3b6adeb5522f9410e3a
SHA256

5870ae38c54f68af174459d54c3c87c4577ee0746093e40f416892dc9139d654
SHA512

fdee585b301aa6f326097004779f5720b842e0375764f2dfbfb3aa5fd96f8d56bdb44aece2dc5cb5b13248d681610e2d916b6b026ca9252210110431ba4accd9
SSDEEP

98304:BkHhpwSztZtABCB4MXr2We+Ai22zoayxt4lm:4ASztZtA61vAisz4lm

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2804	2184	WerFault.exe	27

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2184	5870ae38c54f68af174459d54c3c87c4577ee0746093e40f416892dc9139d654.exe
2184	5870ae38c54f68af174459d54c3c87c4577ee0746093e40f416892dc9139d654.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2804	2184	5870ae38c54f68af174459d54c3c87c4577ee0746093e40f416892dc9139d654.exe	28
PID 2184 wrote to memory of 2804	2184	5870ae38c54f68af174459d54c3c87c4577ee0746093e40f416892dc9139d654.exe	28
PID 2184 wrote to memory of 2804	2184	5870ae38c54f68af174459d54c3c87c4577ee0746093e40f416892dc9139d654.exe	28
PID 2184 wrote to memory of 2804	2184	5870ae38c54f68af174459d54c3c87c4577ee0746093e40f416892dc9139d654.exe	28

C:\Users\Admin\AppData\Local\Temp\5870ae38c54f68af174459d54c3c87c4577ee0746093e40f416892dc9139d654.exe
"C:\Users\Admin\AppData\Local\Temp\5870ae38c54f68af174459d54c3c87c4577ee0746093e40f416892dc9139d654.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 336
  2⤵
  - Program crash
  PID:2804