da828cf7c81088f17e4d5a80e287c59eaa2b953aa1bf6252bb15c170243b41af

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 04:24

Target

da828cf7c81088f17e4d5a80e287c59eaa2b953aa1bf6252bb15c170243b41af.exe
Size

184KB
MD5

405805f05f921707fc746d1d9440f69e
SHA1

9b542084814afd9efc6ba65b8d04675e17211ec6
SHA256

da828cf7c81088f17e4d5a80e287c59eaa2b953aa1bf6252bb15c170243b41af
SHA512

16be9771e2abe05ca4c1d7d55d4b844bec3807c484c7c693935c4f976c388f19cd5559f5d35737290ef73fd6cd03b97f056857bbbb94727200658c6a67462ec0
SSDEEP

3072:kGBLijo6Sjrzd0DZPxi8s1UXlvnq2xiuK:kGwopp0DW8EUXlPq2xiu

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2376	2920	WerFault.exe	27

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2920	da828cf7c81088f17e4d5a80e287c59eaa2b953aa1bf6252bb15c170243b41af.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 2376	2920	da828cf7c81088f17e4d5a80e287c59eaa2b953aa1bf6252bb15c170243b41af.exe	28
PID 2920 wrote to memory of 2376	2920	da828cf7c81088f17e4d5a80e287c59eaa2b953aa1bf6252bb15c170243b41af.exe	28
PID 2920 wrote to memory of 2376	2920	da828cf7c81088f17e4d5a80e287c59eaa2b953aa1bf6252bb15c170243b41af.exe	28
PID 2920 wrote to memory of 2376	2920	da828cf7c81088f17e4d5a80e287c59eaa2b953aa1bf6252bb15c170243b41af.exe	28

C:\Users\Admin\AppData\Local\Temp\da828cf7c81088f17e4d5a80e287c59eaa2b953aa1bf6252bb15c170243b41af.exe
"C:\Users\Admin\AppData\Local\Temp\da828cf7c81088f17e4d5a80e287c59eaa2b953aa1bf6252bb15c170243b41af.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
  2⤵
  - Program crash
  PID:2376