21ffd1919a62df4296c4a5c1e02fa50434c68dd4fc578bc3b061686862f5b930

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 14:45

Target

467ec4c09641f0ce87428b5afe428eef.exe
Size

196KB
MD5

467ec4c09641f0ce87428b5afe428eef
SHA1

1abbfad996195cb90362a74ba578fe01e5e50171
SHA256

21ffd1919a62df4296c4a5c1e02fa50434c68dd4fc578bc3b061686862f5b930
SHA512

6058cfe788a71565110739aae7b67c352a2f58cc93d8d023823afb530ca221b7a303d880b9b80cf3a2955faed2c5156064dbff93d2bc06b8c205782d4c8bd039
SSDEEP

3072:9oqf1cFw2s45VYkECx673kN0GNMLc5LAf9S0tuUBcDa9FK4:9RouDCx673kNbMLhJc0I4

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2220	1920	WerFault.exe	14

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1920	467ec4c09641f0ce87428b5afe428eef.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 2220	1920	467ec4c09641f0ce87428b5afe428eef.exe	17
PID 1920 wrote to memory of 2220	1920	467ec4c09641f0ce87428b5afe428eef.exe	17
PID 1920 wrote to memory of 2220	1920	467ec4c09641f0ce87428b5afe428eef.exe	17
PID 1920 wrote to memory of 2220	1920	467ec4c09641f0ce87428b5afe428eef.exe	17

C:\Users\Admin\AppData\Local\Temp\467ec4c09641f0ce87428b5afe428eef.exe
"C:\Users\Admin\AppData\Local\Temp\467ec4c09641f0ce87428b5afe428eef.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 196
  2⤵
  - Program crash
  PID:2220