316e6efa74e72527ab2d99065c08f2e4b4877aab7837c09fc0c502db01237f3a

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 09:22

Target

145d52139b067fc41741e63e0bfa3eb9.exe
Size

156KB
MD5

145d52139b067fc41741e63e0bfa3eb9
SHA1

6381f3bfb5d34731cc2b301de4cb34cc4a933ead
SHA256

316e6efa74e72527ab2d99065c08f2e4b4877aab7837c09fc0c502db01237f3a
SHA512

447bcb2eef15c04af9794a6df3d1648589e49ea1edef5ae92f3592835d22f2e95c67d8b75d0c3fe607f20e71e2c07223732981637dd9c3b388657f68e8fe0d08
SSDEEP

3072:QBd12E2MtU7Qv0w4ZRRQMMDwtIMCeFP4ANA4oQZiEh+W:SdME2R7Qvb4tQTaCeFP4A+WT3

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2372	2364	WerFault.exe	8

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2364	145d52139b067fc41741e63e0bfa3eb9.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2372	2364	145d52139b067fc41741e63e0bfa3eb9.exe	17
PID 2364 wrote to memory of 2372	2364	145d52139b067fc41741e63e0bfa3eb9.exe	17
PID 2364 wrote to memory of 2372	2364	145d52139b067fc41741e63e0bfa3eb9.exe	17
PID 2364 wrote to memory of 2372	2364	145d52139b067fc41741e63e0bfa3eb9.exe	17

C:\Users\Admin\AppData\Local\Temp\145d52139b067fc41741e63e0bfa3eb9.exe
"C:\Users\Admin\AppData\Local\Temp\145d52139b067fc41741e63e0bfa3eb9.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 188
  2⤵
  - Program crash
  PID:2372