35d4272cc73224ac1516d44f5bed5ef11b18face488baa64e5a51cf8d7616b3b

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10-07-2024 21:12

Target

35d4272cc73224ac1516d44f5bed5ef11b18face488baa64e5a51cf8d7616b3b.exe
Size

3.2MB
MD5

6af0e55e5cc5d8e99dff16094abe2365
SHA1

430b213b9e8598f14c0f70da13a91494aa3247de
SHA256

35d4272cc73224ac1516d44f5bed5ef11b18face488baa64e5a51cf8d7616b3b
SHA512

6414dd0a78854bbcf29b66cc51218ba106a2a065a984b5bf132b3ba56e36e32a3fb28b2ee4908645bd48a87af28cc7b6e4c00065fbeb825da44e50768e453439
SSDEEP

49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1Nu:DBIKRAGRe5K2UZ6

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

f76c4b6.exe

pid process

2440 f76c4b6.exe

pid	process
2440	f76c4b6.exe

Loads dropped DLL 9 IoCs

Processes:

35d4272cc73224ac1516d44f5bed5ef11b18face488baa64e5a51cf8d7616b3b.exeWerFault.exe

pid	process
772	35d4272cc73224ac1516d44f5bed5ef11b18face488baa64e5a51cf8d7616b3b.exe
772	35d4272cc73224ac1516d44f5bed5ef11b18face488baa64e5a51cf8d7616b3b.exe
2664	WerFault.exe
2664	WerFault.exe
2664	WerFault.exe
2664	WerFault.exe
2664	WerFault.exe
2664	WerFault.exe
2664	WerFault.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2664 2440 WerFault.exe f76c4b6.exe

pid	pid_target	process	target process
2664	2440	WerFault.exe	f76c4b6.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

35d4272cc73224ac1516d44f5bed5ef11b18face488baa64e5a51cf8d7616b3b.exef76c4b6.exe

pid	process
772	35d4272cc73224ac1516d44f5bed5ef11b18face488baa64e5a51cf8d7616b3b.exe
772	35d4272cc73224ac1516d44f5bed5ef11b18face488baa64e5a51cf8d7616b3b.exe
2440	f76c4b6.exe
2440	f76c4b6.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

35d4272cc73224ac1516d44f5bed5ef11b18face488baa64e5a51cf8d7616b3b.exef76c4b6.exe

description	pid	process	target process
PID 772 wrote to memory of 2440	772	35d4272cc73224ac1516d44f5bed5ef11b18face488baa64e5a51cf8d7616b3b.exe	f76c4b6.exe
PID 772 wrote to memory of 2440	772	35d4272cc73224ac1516d44f5bed5ef11b18face488baa64e5a51cf8d7616b3b.exe	f76c4b6.exe
PID 772 wrote to memory of 2440	772	35d4272cc73224ac1516d44f5bed5ef11b18face488baa64e5a51cf8d7616b3b.exe	f76c4b6.exe
PID 772 wrote to memory of 2440	772	35d4272cc73224ac1516d44f5bed5ef11b18face488baa64e5a51cf8d7616b3b.exe	f76c4b6.exe
PID 2440 wrote to memory of 2664	2440	f76c4b6.exe	WerFault.exe
PID 2440 wrote to memory of 2664	2440	f76c4b6.exe	WerFault.exe
PID 2440 wrote to memory of 2664	2440	f76c4b6.exe	WerFault.exe
PID 2440 wrote to memory of 2664	2440	f76c4b6.exe	WerFault.exe

\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f76c4b6.exe

Filesize
3.2MB

MD5
661f053750d2244d44d140097cec0ca0

SHA1
124e783b62fc92c0ccd73579853bb7531b6e787f

SHA256
aac73e3f85ff479cbffafdadfb4475b5a56aa30525664f92aa0a79650cc6b3c2

SHA512
69b7dddcc33b14b2a9c348368a0be9aeb90937d70e2c451b47831aad8101010103a10bd4217fa02dc73d8f880a952df85412ded15ae24a0dd640dca877dc977f

Download Submit
memory/772-1-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/772-0-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/772-11-0x0000000002C80000-0x0000000003025000-memory.dmp

Filesize
3.6MB

Download
memory/772-14-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2440-12-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2440-13-0x000000007629D000-0x000000007629E000-memory.dmp

Filesize
4KB

Download
memory/2440-41-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2440-42-0x000000007629D000-0x000000007629E000-memory.dmp

Filesize
4KB

Download