9422c80b3f354c5ae2c6a2b48566fb64bc84a39c07a64df836d9b33fe286919d

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 01:38

Target

d4e4046a33c524c0bbc6df6a2ff3d71d.exe
Size

20KB
MD5

d4e4046a33c524c0bbc6df6a2ff3d71d
SHA1

a9781d907937f6f54b4bdf5c0428bf54ab392b34
SHA256

9422c80b3f354c5ae2c6a2b48566fb64bc84a39c07a64df836d9b33fe286919d
SHA512

d3192c11c99bf6fea7d7f8411cb0e5419374bd7708928c45a0a07cd8a61681a473b34e5f2dfdff2976f86b73442db4c41419ae250e21001c98b083d6bd1abd03
SSDEEP

96:rd7UjIBgZ36l+TuO2c61F3xORirNQ5mDVdD304/GNKEi2:xCxZKMTuOB0ORCjvD304Wi

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2120	1564	WerFault.exe	27

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1564	d4e4046a33c524c0bbc6df6a2ff3d71d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 2120	1564	d4e4046a33c524c0bbc6df6a2ff3d71d.exe	28
PID 1564 wrote to memory of 2120	1564	d4e4046a33c524c0bbc6df6a2ff3d71d.exe	28
PID 1564 wrote to memory of 2120	1564	d4e4046a33c524c0bbc6df6a2ff3d71d.exe	28
PID 1564 wrote to memory of 2120	1564	d4e4046a33c524c0bbc6df6a2ff3d71d.exe	28

C:\Users\Admin\AppData\Local\Temp\d4e4046a33c524c0bbc6df6a2ff3d71d.exe
"C:\Users\Admin\AppData\Local\Temp\d4e4046a33c524c0bbc6df6a2ff3d71d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 188
  2⤵
  - Program crash
  PID:2120