8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 14:57 UTC

Target

8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe
Size

2.5MB
MD5

145fb0a72ca3799c22a451683b0b6d38
SHA1

9ee456116c6da2d416b078ecc70008f1682be605
SHA256

8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f
SHA512

566ff9bc201d8fb0552fb9a473a780339b04e7c4d7083f3d18a3fbd705493c4af7a06da7e89e3c4a50e9acb6dd8c5c595511c924a2b1b91b77c3e907be80d68a
SSDEEP

49152:vB+dPmenydp6g4OiZrq1DfP+rsNADtV6v+L8uSwiPSCmDS+5uSlVQ:Cuiyd54OiZrq1DfPHNADtV6v+

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2096	2764	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2764	8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe
2764	8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2764	8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe
2764	8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 2096	2764	8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe	28
PID 2764 wrote to memory of 2096	2764	8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe	28
PID 2764 wrote to memory of 2096	2764	8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe	28
PID 2764 wrote to memory of 2096	2764	8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe	28

C:\Users\Admin\AppData\Local\Temp\8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe
"C:\Users\Admin\AppData\Local\Temp\8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
  2⤵
  - Program crash
  PID:2096