71c8a2244f7f41437f63186040457ca975acc29cb91df68060deef53ac572eee

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 08:03

Target

5e3e46cb59a050a1f66bd0dbc8ffa294.exe
Size

673KB
MD5

5e3e46cb59a050a1f66bd0dbc8ffa294
SHA1

2b29fc9b3c81be9d6e913f9b9859fd5de3225b88
SHA256

71c8a2244f7f41437f63186040457ca975acc29cb91df68060deef53ac572eee
SHA512

06ab23c0eab746461f8af94fedc1533cad6b4ffb3cbc8458d9f1d29c8b867b34a04794a0befb0c4d04264b3382ad96e17b0132546b436a4c8030e204aa7d82bc
SSDEEP

12288:yoeewslITBd47GLRMTb7bDgFX8vwq2VWS9YuJp5n+DOZ:veHslGd474mf7bDAX8v54dYur5nMOZ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2996	3044	WerFault.exe	1

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3044	5e3e46cb59a050a1f66bd0dbc8ffa294.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2932	3044	5e3e46cb59a050a1f66bd0dbc8ffa294.exe	19
PID 3044 wrote to memory of 2932	3044	5e3e46cb59a050a1f66bd0dbc8ffa294.exe	19
PID 3044 wrote to memory of 2932	3044	5e3e46cb59a050a1f66bd0dbc8ffa294.exe	19
PID 3044 wrote to memory of 2932	3044	5e3e46cb59a050a1f66bd0dbc8ffa294.exe	19
PID 3044 wrote to memory of 2932	3044	5e3e46cb59a050a1f66bd0dbc8ffa294.exe	19
PID 3044 wrote to memory of 2932	3044	5e3e46cb59a050a1f66bd0dbc8ffa294.exe	19
PID 3044 wrote to memory of 2932	3044	5e3e46cb59a050a1f66bd0dbc8ffa294.exe	19
PID 3044 wrote to memory of 2996	3044	5e3e46cb59a050a1f66bd0dbc8ffa294.exe	18
PID 3044 wrote to memory of 2996	3044	5e3e46cb59a050a1f66bd0dbc8ffa294.exe	18
PID 3044 wrote to memory of 2996	3044	5e3e46cb59a050a1f66bd0dbc8ffa294.exe	18
PID 3044 wrote to memory of 2996	3044	5e3e46cb59a050a1f66bd0dbc8ffa294.exe	18

C:\Users\Admin\AppData\Local\Temp\5e3e46cb59a050a1f66bd0dbc8ffa294.exe
"C:\Users\Admin\AppData\Local\Temp\5e3e46cb59a050a1f66bd0dbc8ffa294.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 192
  2⤵
  - Program crash
  PID:2996
- C:\Users\Admin\AppData\Local\Temp\5e3e46cb59a050a1f66bd0dbc8ffa294.exe
  C:\Users\Admin\AppData\Local\Temp/5e3e46cb59a050a1f66bd0dbc8ffa294.exe
  2⤵
  PID:2932

memory/3044-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3044-3-0x00000000001C0000-0x00000000001CA000-memory.dmp

Filesize
40KB

Download
memory/3044-4-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3044-5-0x00000000001C0000-0x00000000001CA000-memory.dmp

Filesize
40KB

Download