98343a5fa5e885f53e7e6fa1c2caae1cc3d6ed44bf9a3ed6ff6d1dd8fe695dc1

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 00:47

Target

98343a5fa5e885f53e7e6fa1c2caae1cc3d6ed44bf9a3ed6ff6d1dd8fe695dc1.exe
Size

765KB
MD5

43e492e1f4aa9ca233cbc437f6119632
SHA1

8aa6b405b180ac52b73ebaf52a3b60200a7ce7a8
SHA256

98343a5fa5e885f53e7e6fa1c2caae1cc3d6ed44bf9a3ed6ff6d1dd8fe695dc1
SHA512

a467be1cc2ccc8faf8404633950144e33ff5a2f89de0f2111ed10e99767663bc5e08b5c51a34a87ba7a75378a369a716387a7d3f4f305e266b2c9b12d443414a
SSDEEP

12288:/v94T+vKj34Yq/I5GKjVKpxnpmA9wCY1esPk:d4T+vq341/I5jVK7np99wC4esPk

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2092	1952	WerFault.exe	27

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1952	98343a5fa5e885f53e7e6fa1c2caae1cc3d6ed44bf9a3ed6ff6d1dd8fe695dc1.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 2092	1952	98343a5fa5e885f53e7e6fa1c2caae1cc3d6ed44bf9a3ed6ff6d1dd8fe695dc1.exe	28
PID 1952 wrote to memory of 2092	1952	98343a5fa5e885f53e7e6fa1c2caae1cc3d6ed44bf9a3ed6ff6d1dd8fe695dc1.exe	28
PID 1952 wrote to memory of 2092	1952	98343a5fa5e885f53e7e6fa1c2caae1cc3d6ed44bf9a3ed6ff6d1dd8fe695dc1.exe	28
PID 1952 wrote to memory of 2092	1952	98343a5fa5e885f53e7e6fa1c2caae1cc3d6ed44bf9a3ed6ff6d1dd8fe695dc1.exe	28

C:\Users\Admin\AppData\Local\Temp\98343a5fa5e885f53e7e6fa1c2caae1cc3d6ed44bf9a3ed6ff6d1dd8fe695dc1.exe
"C:\Users\Admin\AppData\Local\Temp\98343a5fa5e885f53e7e6fa1c2caae1cc3d6ed44bf9a3ed6ff6d1dd8fe695dc1.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 340
  2⤵
  - Program crash
  PID:2092