17c22b76f6d77b9093d7698dcf4506533405a8ee8e7b640eecedcf49ac934e89

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 17:20

Target

MINI KeyBoard-英文/app.publish/MINI KeyBoard.exe
Size

212KB
MD5

c5344f6a89f725c2ed7631e90ec8e996
SHA1

4c0c4c8debebe804602411bbe7cff479d5061238
SHA256

cd20ac6e9ca5d6786acd8ae1a7240420a8f838d79f5d2c5ca7dc5dce2d5c6385
SHA512

cf06295fd3f5e65be8930b24e49d82d91416c95e2afe5e7910a1e00e9e9e69e961f54881b69a4d9f554053117892f4468028b839504167ad7bf2dc18a4cfa69b
SSDEEP

3072:liGK8Gi/YpnOVjKRAPW9MLy5oUle3QhazcNfEtGr02v5bk1uHgxqDWwf/Ypi7EVG:QGmR/cYJ0yBcyryuSd0QrXO+rN

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1528	1180	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 1528	1180	MINI KeyBoard.exe	28
PID 1180 wrote to memory of 1528	1180	MINI KeyBoard.exe	28
PID 1180 wrote to memory of 1528	1180	MINI KeyBoard.exe	28
PID 1180 wrote to memory of 1528	1180	MINI KeyBoard.exe	28

C:\Users\Admin\AppData\Local\Temp\MINI KeyBoard-英文\app.publish\MINI KeyBoard.exe
"C:\Users\Admin\AppData\Local\Temp\MINI KeyBoard-英文\app.publish\MINI KeyBoard.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 556
  2⤵
  - Program crash
  PID:1528

memory/1180-1-0x0000000074260000-0x000000007494E000-memory.dmp

Filesize
6.9MB

Download
memory/1180-0-0x0000000000D50000-0x0000000000D8A000-memory.dmp

Filesize
232KB

Download
memory/1180-2-0x0000000074260000-0x000000007494E000-memory.dmp

Filesize
6.9MB

Download