02b5c614bbbf7e43b3c81eca052521499976c35a1cd05edfad0eae3ca54ef29f

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 07:40

Target

b429b1b3a5d4d69b80d889133837ccab.exe
Size

253KB
MD5

b429b1b3a5d4d69b80d889133837ccab
SHA1

e9b66f905ad0ea46532256e62c9ea1efda919101
SHA256

02b5c614bbbf7e43b3c81eca052521499976c35a1cd05edfad0eae3ca54ef29f
SHA512

754746f732decb73d55a6efc9a83fb034b4109b307c3976daec3485365838ac54df0d201a1438cb70011200cacfb4a01dff306e1a40528b4e2359629161e2198
SSDEEP

6144:emvk/UfYt4Myd7WYay43KVAkCigZHdDr4U:emkMMxyd7WYaFGCBZNr4U

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2896	1912	WerFault.exe	27

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1912	b429b1b3a5d4d69b80d889133837ccab.exe
1912	b429b1b3a5d4d69b80d889133837ccab.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 2896	1912	b429b1b3a5d4d69b80d889133837ccab.exe	28
PID 1912 wrote to memory of 2896	1912	b429b1b3a5d4d69b80d889133837ccab.exe	28
PID 1912 wrote to memory of 2896	1912	b429b1b3a5d4d69b80d889133837ccab.exe	28
PID 1912 wrote to memory of 2896	1912	b429b1b3a5d4d69b80d889133837ccab.exe	28

C:\Users\Admin\AppData\Local\Temp\b429b1b3a5d4d69b80d889133837ccab.exe
"C:\Users\Admin\AppData\Local\Temp\b429b1b3a5d4d69b80d889133837ccab.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 300
  2⤵
  - Program crash
  PID:2896

memory/1912-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1912-1-0x0000000000220000-0x000000000025E000-memory.dmp

Filesize
248KB

Download
memory/1912-2-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1912-3-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1912-6-0x0000000000260000-0x0000000000298000-memory.dmp

Filesize
224KB

Download
memory/1912-4-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1912-7-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1912-8-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1912-9-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1912-11-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download