Resubmissions

12-04-2022 11:48

220412-nyx8xabccl 3

12-04-2022 08:59

220412-kxqkwshehj 10

Analysis

  • max time kernel
    4294183s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20220310-en
  • submitted
    12-04-2022 08:59

General

  • Target

    cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327.exe

  • Size

    624KB

  • MD5

    9ec8468dd4a81b0b35c499b31e67375e

  • SHA1

    6fa04992c0624c7aa3ca80da6a30e6de91226a16

  • SHA256

    cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327

  • SHA512

    bd6b37a0395f0ae508c54dcb62d5258adfb8c202605db8310c6b8758c3874bd2364491b1b129209ba1854df27f35149f891ac785a89fe26ddc45c40cad8023b2

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327.exe
    "C:\Users\Admin\AppData\Local\Temp\cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1452
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 156
      2⤵
      • Program crash
      PID:1772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1452-54-0x0000000075A31000-0x0000000075A33000-memory.dmp

    Filesize

    8KB

  • memory/1772-55-0x0000000000000000-mapping.dmp