71c8a2244f7f41437f63186040457ca975acc29cb91df68060deef53ac572eee

Analysis

max time kernel
135s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 08:03

Target

5e3e46cb59a050a1f66bd0dbc8ffa294.exe
Size

673KB
MD5

5e3e46cb59a050a1f66bd0dbc8ffa294
SHA1

2b29fc9b3c81be9d6e913f9b9859fd5de3225b88
SHA256

71c8a2244f7f41437f63186040457ca975acc29cb91df68060deef53ac572eee
SHA512

06ab23c0eab746461f8af94fedc1533cad6b4ffb3cbc8458d9f1d29c8b867b34a04794a0befb0c4d04264b3382ad96e17b0132546b436a4c8030e204aa7d82bc
SSDEEP

12288:yoeewslITBd47GLRMTb7bDgFX8vwq2VWS9YuJp5n+DOZ:veHslGd474mf7bDAX8v54dYur5nMOZ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3768	2268	WerFault.exe	87

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2268	5e3e46cb59a050a1f66bd0dbc8ffa294.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 4644	2268	5e3e46cb59a050a1f66bd0dbc8ffa294.exe	91
PID 2268 wrote to memory of 4644	2268	5e3e46cb59a050a1f66bd0dbc8ffa294.exe	91
PID 2268 wrote to memory of 4644	2268	5e3e46cb59a050a1f66bd0dbc8ffa294.exe	91
PID 2268 wrote to memory of 4644	2268	5e3e46cb59a050a1f66bd0dbc8ffa294.exe	91
PID 2268 wrote to memory of 4644	2268	5e3e46cb59a050a1f66bd0dbc8ffa294.exe	91
PID 2268 wrote to memory of 4644	2268	5e3e46cb59a050a1f66bd0dbc8ffa294.exe	91

C:\Users\Admin\AppData\Local\Temp\5e3e46cb59a050a1f66bd0dbc8ffa294.exe
"C:\Users\Admin\AppData\Local\Temp\5e3e46cb59a050a1f66bd0dbc8ffa294.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Users\Admin\AppData\Local\Temp\5e3e46cb59a050a1f66bd0dbc8ffa294.exe
  C:\Users\Admin\AppData\Local\Temp/5e3e46cb59a050a1f66bd0dbc8ffa294.exe
  2⤵
  PID:4644
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 480
  2⤵
  - Program crash
  PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2268 -ip 2268
1⤵
PID:3864

memory/2268-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2268-3-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download