506b6ce1b7c2300b523d6f6198f4f2d6d3816ab13c75800809b3b0e32d9d6e06

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 02:56

Target

014eef4ce17bf780f6a4663fdd3b4b38.exe
Size

76KB
MD5

014eef4ce17bf780f6a4663fdd3b4b38
SHA1

e14f57f468443e6ee30e9a013cd1bd729fa7c83f
SHA256

506b6ce1b7c2300b523d6f6198f4f2d6d3816ab13c75800809b3b0e32d9d6e06
SHA512

4becd26509cf72a2d936234e84f15cdf4a9b96f35af0b8fa9662ccba96a4e91c6cf7c70ae9c2bc860a706339ca0d889389255255c7dc77ad670c979779310e6a
SSDEEP

768:zv8SwcJWbh1GFLfX74ihZ4wFIYg2Z+iWnOZE7F0LyhspOZE77:z8cJkoFLP7BZ4OIdABWl0L6+

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1900	2132	WerFault.exe	27

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2132	014eef4ce17bf780f6a4663fdd3b4b38.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 1900	2132	014eef4ce17bf780f6a4663fdd3b4b38.exe	28
PID 2132 wrote to memory of 1900	2132	014eef4ce17bf780f6a4663fdd3b4b38.exe	28
PID 2132 wrote to memory of 1900	2132	014eef4ce17bf780f6a4663fdd3b4b38.exe	28
PID 2132 wrote to memory of 1900	2132	014eef4ce17bf780f6a4663fdd3b4b38.exe	28

C:\Users\Admin\AppData\Local\Temp\014eef4ce17bf780f6a4663fdd3b4b38.exe
"C:\Users\Admin\AppData\Local\Temp\014eef4ce17bf780f6a4663fdd3b4b38.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 188
  2⤵
  - Program crash
  PID:1900