461169dbae3f89aad992ab9fd661433d6e77dc6da3c9db3f173f9d535ef1a20f

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 16:37

Target

461169dbae3f89aad992ab9fd661433d6e77dc6da3c9db3f173f9d535ef1a20f.exe
Size

425KB
MD5

5df74e6c35d7fc1df085de95a1206f5e
SHA1

134cff951b071387bb00bd4d7da9f14286aeab93
SHA256

461169dbae3f89aad992ab9fd661433d6e77dc6da3c9db3f173f9d535ef1a20f
SHA512

5f9aff81332c7617fe2918d5e2587cc1d52b63d65d7a304b773ce22099313d9289cc01ee61f9c3ea9b09856080ae77665c0bc0c9214eade6962db8477c704a54
SSDEEP

6144:Nnu1au2GLL14b12qgMj69lc/4LDA6VCSDugwVb0:Nnu1aun4b12q/6lc/47z

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2088	461169dbae3f89aad992ab9fd661433d6e77dc6da3c9db3f173f9d535ef1a20f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2104	2088	461169dbae3f89aad992ab9fd661433d6e77dc6da3c9db3f173f9d535ef1a20f.exe	32
PID 2088 wrote to memory of 2104	2088	461169dbae3f89aad992ab9fd661433d6e77dc6da3c9db3f173f9d535ef1a20f.exe	32
PID 2088 wrote to memory of 2104	2088	461169dbae3f89aad992ab9fd661433d6e77dc6da3c9db3f173f9d535ef1a20f.exe	32

C:\Users\Admin\AppData\Local\Temp\461169dbae3f89aad992ab9fd661433d6e77dc6da3c9db3f173f9d535ef1a20f.exe
"C:\Users\Admin\AppData\Local\Temp\461169dbae3f89aad992ab9fd661433d6e77dc6da3c9db3f173f9d535ef1a20f.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2088 -s 176
  2⤵
  PID:2104