12725195dc7e173a47e869b00ee844ddb132476d787d30cd0b98a19f858d349f

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 01:04

Target

09776e954f67f5ae2dba1324df1f4e00.exe
Size

87KB
MD5

09776e954f67f5ae2dba1324df1f4e00
SHA1

fa1b253551597859dce39e2c0bca2840f17fb7bc
SHA256

12725195dc7e173a47e869b00ee844ddb132476d787d30cd0b98a19f858d349f
SHA512

cda3e0a400cc2292b1d8f8c5a652ca2df6e83c3ae57507338e7dee87a6444d4b7c3e803e147242fe80ae2a2eec1db53ac1e33fa10b3e0fde80af18fb40e10c47
SSDEEP

1536:mGC+b3eA9SRD2Ev2uOHh2VWNaM8OHPvg+f2UeSyl1GlrKXlQfNULOt7frJbXYCSp:xt9mSEuuc2U98OHiUeSyrdQfNqO1jJLo

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3064	tmp.tmp.tmp1

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\tmp.tmp.tmp1	09776e954f67f5ae2dba1324df1f4e00.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2060	3064	WerFault.exe	14

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1668	09776e954f67f5ae2dba1324df1f4e00.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 3064	1668	09776e954f67f5ae2dba1324df1f4e00.exe	14
PID 1668 wrote to memory of 3064	1668	09776e954f67f5ae2dba1324df1f4e00.exe	14
PID 1668 wrote to memory of 3064	1668	09776e954f67f5ae2dba1324df1f4e00.exe	14
PID 1668 wrote to memory of 3064	1668	09776e954f67f5ae2dba1324df1f4e00.exe	14
PID 3064 wrote to memory of 2060	3064	tmp.tmp.tmp1	29
PID 3064 wrote to memory of 2060	3064	tmp.tmp.tmp1	29
PID 3064 wrote to memory of 2060	3064	tmp.tmp.tmp1	29
PID 3064 wrote to memory of 2060	3064	tmp.tmp.tmp1	29

C:\Windows\tmp.tmp.tmp1
C:\Windows\tmp.tmp.tmp1
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 88
  2⤵
  - Program crash
  PID:2060

C:\Windows\tmp.tmp.tmp1

Filesize
59KB

MD5
9c17ca935aa81f0470d150cd13a60ec7

SHA1
b55ad071ce9ae9eddeaa483edd90eb299d89072b

SHA256
65e711816571f7f0c86230cab8c18fce542f986530e7385c8a397870924f81da

SHA512
a98dc4fa3743cceac8bfa7684d8a99d1fe7cb886d699237d0d1aa728c55ae6e3c1c13ecaacab48ac02fa4fa2bab7225814c7259d8b08aabd68de8e92d9edfc87

Download Submit
memory/1668-1-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1668-7-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/1668-12-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/1668-14-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3064-13-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download