3fe57539bb4d405aabd0a54e99ab275531b2a83f0df42deeee862963971d384d

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
03-11-2023 02:43

Target

3fe57539bb4d405aabd0a54e99ab275531b2a83f0df42deeee862963971d384d.exe
Size

36KB
MD5

43b1ac7ab8efc7c0a1880ab60ad3664d
SHA1

683ffe3a0d77cc8538c3f32e80e4590745a42734
SHA256

3fe57539bb4d405aabd0a54e99ab275531b2a83f0df42deeee862963971d384d
SHA512

4183fa948eaf5810e73ce6488a60aaee3f111572b3c655ee3f1787babcfb241d981184744be897108992651d2b0648bd33c465be53d5cfdd358037196347b361
SSDEEP

192:AtkaW8MlgJNJNgVxhKO1RCSBCvU1RcP1oynznnUS5hn5tbuKzVKwCldf:HPlgHJOxzoSpE1ZnUS1tbuK5Pmd

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2268	1764	WerFault.exe	15

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1764	3fe57539bb4d405aabd0a54e99ab275531b2a83f0df42deeee862963971d384d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 2268	1764	3fe57539bb4d405aabd0a54e99ab275531b2a83f0df42deeee862963971d384d.exe	28
PID 1764 wrote to memory of 2268	1764	3fe57539bb4d405aabd0a54e99ab275531b2a83f0df42deeee862963971d384d.exe	28
PID 1764 wrote to memory of 2268	1764	3fe57539bb4d405aabd0a54e99ab275531b2a83f0df42deeee862963971d384d.exe	28
PID 1764 wrote to memory of 2268	1764	3fe57539bb4d405aabd0a54e99ab275531b2a83f0df42deeee862963971d384d.exe	28

C:\Users\Admin\AppData\Local\Temp\3fe57539bb4d405aabd0a54e99ab275531b2a83f0df42deeee862963971d384d.exe
"C:\Users\Admin\AppData\Local\Temp\3fe57539bb4d405aabd0a54e99ab275531b2a83f0df42deeee862963971d384d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 780
  2⤵
  - Program crash
  PID:2268