3a936d99f08f3b90f46a7afaa9b71fe94715fe157b003d99c075375b4e84e6a4

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 02:54

Target

7eb195fd0bcd54f08a0b0a85217a5d7a.exe
Size

35KB
MD5

7eb195fd0bcd54f08a0b0a85217a5d7a
SHA1

b8a2dd13c113c83e20e9f13986e18c8dddc69041
SHA256

3a936d99f08f3b90f46a7afaa9b71fe94715fe157b003d99c075375b4e84e6a4
SHA512

6755e1ab5c7313fb5eb591a0329e0e64064b085d16b182250a38f034b5b18ab8d78175d9cdd432f544202eef051f21747ace4826d293994e46d11d003f574c42
SSDEEP

384:MoCK2a3snFD3LRxQDef+KZIrbeZ1HKXAwgOQ5LqlStRMjHEWGMSm7VDf4NHrrXSS:M/Kf3e714yrsDfEH/rFCQ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2604	624	WerFault.exe	14

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
624	7eb195fd0bcd54f08a0b0a85217a5d7a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 2604	624	7eb195fd0bcd54f08a0b0a85217a5d7a.exe	15
PID 624 wrote to memory of 2604	624	7eb195fd0bcd54f08a0b0a85217a5d7a.exe	15
PID 624 wrote to memory of 2604	624	7eb195fd0bcd54f08a0b0a85217a5d7a.exe	15
PID 624 wrote to memory of 2604	624	7eb195fd0bcd54f08a0b0a85217a5d7a.exe	15

C:\Users\Admin\AppData\Local\Temp\7eb195fd0bcd54f08a0b0a85217a5d7a.exe
"C:\Users\Admin\AppData\Local\Temp\7eb195fd0bcd54f08a0b0a85217a5d7a.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:624
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 188
  2⤵
  - Program crash
  PID:2604