96d91807c988f8551f873a41b931d145d6e879fbce0caefa6187c6276c8d6766

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 03:04

Target

25a6719eeaa3f66950c1cea4fb38bce8.exe
Size

236KB
MD5

25a6719eeaa3f66950c1cea4fb38bce8
SHA1

2feb899c647988f0b5eacdf52acc9868fc8096c9
SHA256

96d91807c988f8551f873a41b931d145d6e879fbce0caefa6187c6276c8d6766
SHA512

a93cb2b7029b1dccaee818f0b33b9610d06e45ad1e0caeefb723ad235f1ff0d86ad31c026e8f068f6067c7b22d96c5e2c62d9418c606915e60b2ce782393e775
SSDEEP

6144:n5aXZk3vnS/Gi+YdQEp9szHR8uBAoE0EOIp5J+A:Upk3vnS/Gi+YdQEp9szHR8uBAotSwA

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2944	3064	WerFault.exe	14

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3064	25a6719eeaa3f66950c1cea4fb38bce8.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2944	3064	25a6719eeaa3f66950c1cea4fb38bce8.exe	28
PID 3064 wrote to memory of 2944	3064	25a6719eeaa3f66950c1cea4fb38bce8.exe	28
PID 3064 wrote to memory of 2944	3064	25a6719eeaa3f66950c1cea4fb38bce8.exe	28
PID 3064 wrote to memory of 2944	3064	25a6719eeaa3f66950c1cea4fb38bce8.exe	28

C:\Users\Admin\AppData\Local\Temp\25a6719eeaa3f66950c1cea4fb38bce8.exe
"C:\Users\Admin\AppData\Local\Temp\25a6719eeaa3f66950c1cea4fb38bce8.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 188
  2⤵
  - Program crash
  PID:2944