58db5643ac932c0c892de15dde35ff81a90c3a50fdac2f5ce9d7ba6428133edf

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 09:00 UTC

Target

58db5643ac932c0c892de15dde35ff81a90c3a50fdac2f5ce9d7ba6428133edf.exe
Size

2.4MB
MD5

1971811f000e585530963947fea399be
SHA1

d9b807a0c085b7ea3c4e1506174960ca60678e13
SHA256

58db5643ac932c0c892de15dde35ff81a90c3a50fdac2f5ce9d7ba6428133edf
SHA512

597879e2efe4f6dff5ba32de02c2f8dff4757bde3a6bb781954e38bb89cdfd55d3f2d1d561718887c21ee48d97849eec6125d899dc7a269bc6c00ccc5df330da
SSDEEP

49152:bDdIbQO3drjrmNnTkJ5PnoLTo+gaSl+gaSomp+gaS:9813dXrmNnTkJ5PoLI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1112	840	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
840	58db5643ac932c0c892de15dde35ff81a90c3a50fdac2f5ce9d7ba6428133edf.exe
840	58db5643ac932c0c892de15dde35ff81a90c3a50fdac2f5ce9d7ba6428133edf.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
840	58db5643ac932c0c892de15dde35ff81a90c3a50fdac2f5ce9d7ba6428133edf.exe
840	58db5643ac932c0c892de15dde35ff81a90c3a50fdac2f5ce9d7ba6428133edf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 1112	840	58db5643ac932c0c892de15dde35ff81a90c3a50fdac2f5ce9d7ba6428133edf.exe	28
PID 840 wrote to memory of 1112	840	58db5643ac932c0c892de15dde35ff81a90c3a50fdac2f5ce9d7ba6428133edf.exe	28
PID 840 wrote to memory of 1112	840	58db5643ac932c0c892de15dde35ff81a90c3a50fdac2f5ce9d7ba6428133edf.exe	28
PID 840 wrote to memory of 1112	840	58db5643ac932c0c892de15dde35ff81a90c3a50fdac2f5ce9d7ba6428133edf.exe	28

C:\Users\Admin\AppData\Local\Temp\58db5643ac932c0c892de15dde35ff81a90c3a50fdac2f5ce9d7ba6428133edf.exe
"C:\Users\Admin\AppData\Local\Temp\58db5643ac932c0c892de15dde35ff81a90c3a50fdac2f5ce9d7ba6428133edf.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
  2⤵
  - Program crash
  PID:1112