3fa37902bcfddac1317ae10634249e044a01fa0c941cacc522ec02f6b923b617

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 18:54

Target

3fa37902bcfddac1317ae10634249e044a01fa0c941cacc522ec02f6b923b617.exe
Size

5.1MB
MD5

e08f805116fb5432d5e83747b823bd90
SHA1

621373e5a280bc4834e6edc669d2a598b793e1f0
SHA256

3fa37902bcfddac1317ae10634249e044a01fa0c941cacc522ec02f6b923b617
SHA512

39a0b97b6a11f49b4785470408ecc6fdfd4d3f54d221439a6d61abf39c823122efde09db8e217884555919f46c0d6f441202dfa387ad0ef7138ad7bea0653ca1
SSDEEP

98304:e9Q57zL10h6T6F9628sPyYFivvKncMpzJOPc:eoL1K6z28whivVc

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2148	3fa37902bcfddac1317ae10634249e044a01fa0c941cacc522ec02f6b923b617.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1228	2148	WerFault.exe	27

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2148	3fa37902bcfddac1317ae10634249e044a01fa0c941cacc522ec02f6b923b617.exe
2148	3fa37902bcfddac1317ae10634249e044a01fa0c941cacc522ec02f6b923b617.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 1228	2148	3fa37902bcfddac1317ae10634249e044a01fa0c941cacc522ec02f6b923b617.exe	28
PID 2148 wrote to memory of 1228	2148	3fa37902bcfddac1317ae10634249e044a01fa0c941cacc522ec02f6b923b617.exe	28
PID 2148 wrote to memory of 1228	2148	3fa37902bcfddac1317ae10634249e044a01fa0c941cacc522ec02f6b923b617.exe	28
PID 2148 wrote to memory of 1228	2148	3fa37902bcfddac1317ae10634249e044a01fa0c941cacc522ec02f6b923b617.exe	28

C:\Users\Admin\AppData\Local\Temp\3fa37902bcfddac1317ae10634249e044a01fa0c941cacc522ec02f6b923b617.exe
"C:\Users\Admin\AppData\Local\Temp\3fa37902bcfddac1317ae10634249e044a01fa0c941cacc522ec02f6b923b617.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 376
  2⤵
  - Program crash
  PID:1228

\Users\Admin\AppData\Local\Temp\E2EECore.2.3.0.dll

Filesize
8.2MB

MD5
b36c5ac6ebe053d9c9e638b688723f46

SHA1
63c51f04293e26a8a49fa04c5e0b342ffae5381f

SHA256
860394ea3a52757ce1a875e5a598c3c30752a673150df37b7c0e599f224f5877

SHA512
933f428911ed0e56fa201f124ab85f5383cf9ae3465516c8eaf4d2d63788ffd3812df67f3fd75a1304b26e4bcebc6bd84fa08563dd5b9c4727f86bf96a0d5a09

Download Submit