04319cae0935042db7db11d81c140502d06cb9395e99d793e515fd4dac7c72cc

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 22:21

Target

家庭收支记账理财宝/MyMoney.exe
Size

729KB
MD5

10a3a58a11d12c3da49e5d1acdaab985
SHA1

d0bf49e4e848aff83af43ef985b3058033d018bf
SHA256

dca9d68c745b1939437a2cb733902d2dc50bdafb5c880a870506c1623c6c1b19
SHA512

e9f2ba31e4a4f7b7397dfb944f4d7bdd1c7fd1b8caba47b5a61dcd5192db541f24afa60ac37048acca01c71eba60cba3f39eae406e6ce8df130d93a1304b10c9
SSDEEP

12288:wtfqSZDExLIdMC8vd9xXQrZusjSyCWJaI09SGH5T8A1BK1/Y+9gK5ROl0Tjj0ik5:wtfjZDmIMnnFK8svCWJa5LHNL1gm+9F8

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2176	2344	WerFault.exe	14

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2176	2344	MyMoney.exe	15
PID 2344 wrote to memory of 2176	2344	MyMoney.exe	15
PID 2344 wrote to memory of 2176	2344	MyMoney.exe	15
PID 2344 wrote to memory of 2176	2344	MyMoney.exe	15

C:\Users\Admin\AppData\Local\Temp\家庭收支记账理财宝\MyMoney.exe
"C:\Users\Admin\AppData\Local\Temp\家庭收支记账理财宝\MyMoney.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 184
  2⤵
  - Program crash
  PID:2176

memory/2344-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2344-1-0x0000000000400000-0x0000000000638000-memory.dmp

Filesize
2.2MB

Download