3bd9b54f999ce0089032b142507a53ac6fb777902f00a1b2c3ec4ad069a1d8a5

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/12/2023, 10:35

Target

08f6c8de809beb09b775631cb92f4a94.exe
Size

122KB
MD5

08f6c8de809beb09b775631cb92f4a94
SHA1

c1eefb5a11b4a5b64dabe515acbc75c9046b6325
SHA256

3bd9b54f999ce0089032b142507a53ac6fb777902f00a1b2c3ec4ad069a1d8a5
SHA512

7e40e7fd8cd0ab5c9b9b89fc9c88cfe45d5dcb68cad6b1b9c5dce9774e64656c8a0828dd78743505f17e157d7f58b77d7716a32723e1940196b0f14d1a05bd9f
SSDEEP

768:SUrRIr1Rnc/XOXVLW2qZ1RisVDaWGNMMMNMUF7//mk8KacrZxbjARZOtIxfc7/ZP:H6vcvwNWhZ1X7//mkjZxbURZOixfc7x

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3048	1244	WerFault.exe	16

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1244	08f6c8de809beb09b775631cb92f4a94.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 3048	1244	08f6c8de809beb09b775631cb92f4a94.exe	28
PID 1244 wrote to memory of 3048	1244	08f6c8de809beb09b775631cb92f4a94.exe	28
PID 1244 wrote to memory of 3048	1244	08f6c8de809beb09b775631cb92f4a94.exe	28
PID 1244 wrote to memory of 3048	1244	08f6c8de809beb09b775631cb92f4a94.exe	28

C:\Users\Admin\AppData\Local\Temp\08f6c8de809beb09b775631cb92f4a94.exe
"C:\Users\Admin\AppData\Local\Temp\08f6c8de809beb09b775631cb92f4a94.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 220
  2⤵
  - Program crash
  PID:3048