82a331feea20d71adb2e5618ddae3379d41ef97bdaba47f4bdecf842287c337f

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 06:08

Target

7c580059d236d7ec1c6f62e1bfe2fb50.exe
Size

24KB
MD5

7c580059d236d7ec1c6f62e1bfe2fb50
SHA1

22b0d561711e396632f13b0b8bbe2f32fd410f77
SHA256

82a331feea20d71adb2e5618ddae3379d41ef97bdaba47f4bdecf842287c337f
SHA512

6fd227269d8431dad2d43ff928201038dcc260071fda4ef35ba1bb1218e4d4401aa55ecd4759c7b08cd9e175f466dce50584c8ed47d0b3ec8c9801d0a232ff25
SSDEEP

192:/T+bm37OFOe6G5DCeuKh2Uhk3B6vm/DDDn1MOFOe614:/T+bE7OFL5DluG2U2Q0DDn1MOFa4

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2620	1364	WerFault.exe	1

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1364	7c580059d236d7ec1c6f62e1bfe2fb50.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 2620	1364	7c580059d236d7ec1c6f62e1bfe2fb50.exe	28
PID 1364 wrote to memory of 2620	1364	7c580059d236d7ec1c6f62e1bfe2fb50.exe	28
PID 1364 wrote to memory of 2620	1364	7c580059d236d7ec1c6f62e1bfe2fb50.exe	28
PID 1364 wrote to memory of 2620	1364	7c580059d236d7ec1c6f62e1bfe2fb50.exe	28

C:\Users\Admin\AppData\Local\Temp\7c580059d236d7ec1c6f62e1bfe2fb50.exe
"C:\Users\Admin\AppData\Local\Temp\7c580059d236d7ec1c6f62e1bfe2fb50.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 224
  2⤵
  - Program crash
  PID:2620

memory/1364-0-0x0000000000400000-0x0000000000405B70-memory.dmp

Filesize
22KB

Download