Analysis

  • max time kernel
    176s
  • max time network
    269s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    08/05/2022, 06:12

General

  • Target

    ed5d49b6a5348ec9c64d9fd3c5df4218a24e7c819de5716adc3de05702890ec8.exe

  • Size

    951KB

  • MD5

    78f3c0e0e1ebb93fde1ab54078e1a45f

  • SHA1

    a2cd4f5901cfecc3f788993fe986404c37e34702

  • SHA256

    ed5d49b6a5348ec9c64d9fd3c5df4218a24e7c819de5716adc3de05702890ec8

  • SHA512

    ac72c4d5df979fa215e23fae83403e6f035598be077d48f97382bbbd4b1823ed0050b7bdf970e59ae39993c048ef505943e1cf22507eea0266225cdc84e309df

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTP)
  • Program crash (1 IoC)
  • Modifies system certificate store (2 TTPs, 2 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed5d49b6a5348ec9c64d9fd3c5df4218a24e7c819de5716adc3de05702890ec8.exe
    "C:\Users\Admin\AppData\Local\Temp\ed5d49b6a5348ec9c64d9fd3c5df4218a24e7c819de5716adc3de05702890ec8.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:1044
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 928
      2⤵
      • Program crash
      PID:840

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • memory/1044-54-0x0000000075C51000-0x0000000075C53000-memory.dmp
          Filesize: 8KB
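Two things in this report are worth checking mechanically before trusting it: that the WerFault.exe instance in the process tree really reports a crash of the sample (its -p argument is the PID of the faulting process, and WerFault is spawned as that process's child), and that the single dump in Downloads covers the region its filename claims. The script below is an added example, not part of the report or of any sandbox vendor's tooling; it parses the bullet-style tree exactly as laid out in the Processes section above (the "N⤵" depth markers and "PID:" lines are the only conventions it relies on), then cross-checks the dump filename against the listed size. The embedded tree text is a constructed copy of this page's Processes section.

```python
"""Consistency checks over a sandbox report's process tree and dump listing.

Added example (not from the report). Parses the bullet-style process tree,
attributes each WerFault instance to the process it reports, and verifies
that a dump's address range agrees with its stated file size.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

SAMPLE = "ed5d49b6a5348ec9c64d9fd3c5df4218a24e7c819de5716adc3de05702890ec8.exe"

# Constructed input: the Processes section of this report in its page layout.
PROCESS_TREE = f"""
  • C:\\Users\\Admin\\AppData\\Local\\Temp\\{SAMPLE}
    "C:\\Users\\Admin\\AppData\\Local\\Temp\\{SAMPLE}"
    1⤵
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:1044
    • C:\\Windows\\SysWOW64\\WerFault.exe
      C:\\Windows\\SysWOW64\\WerFault.exe -u -p 1044 -s 928
      2⤵
      • Program crash
      PID:840
"""


@dataclass
class Proc:
    image: str
    cmdline: str = ""
    depth: int = 0
    pid: Optional[int] = None
    parent: Optional["Proc"] = None
    signatures: list = field(default_factory=list)


PATH_RE = re.compile(r"^[A-Za-z]:\\")          # a bullet that is a drive path starts a process
DEPTH_RE = re.compile(r"^(\d+)⤵$")             # tree depth marker as printed on the page
PID_RE = re.compile(r"^PID:(\d+)$")
WERFAULT_RE = re.compile(r"WerFault\.exe\s+-u\s+-p\s+(\d+)\s+-s\s+(\d+)", re.IGNORECASE)
DUMP_RE = re.compile(r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
                     r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")


def parse_tree(text: str) -> list:
    """Turn the page's bullet tree into Proc records with parent links."""
    procs, stack, cur = [], [], None   # stack[i] = most recent process at depth i+1
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            body = line[1:].strip()
            if PATH_RE.match(body):           # new process record
                cur = Proc(image=body)
                procs.append(cur)
            elif cur is not None:             # signature bullet under the current process
                cur.signatures.append(body)
            continue
        if cur is None:
            continue
        if m := DEPTH_RE.match(line):
            cur.depth = int(m.group(1))
            del stack[cur.depth - 1:]         # pop anything at this depth or deeper
            cur.parent = stack[-1] if stack else None
            stack.append(cur)
        elif m := PID_RE.match(line):
            cur.pid = int(m.group(1))
        elif not cur.cmdline:                 # first plain line after the image is the command line
            cur.cmdline = line
    return procs


def crash_attribution(procs: list) -> list:
    """(werfault, faulting_pid, attributed) per WerFault instance.

    -p is the PID of the faulting process; -s is an inherited handle, not a PID.
    The crash is attributed to the sample only if -p names the sample's PID AND
    WerFault is that process's child in the tree.
    """
    out = []
    for p in procs:
        if m := WERFAULT_RE.search(p.cmdline):
            faulting = int(m.group(1))
            out.append((p, faulting, p.parent is not None and p.parent.pid == faulting))
    return out


def dump_check(name: str, stated_size_kb: int, procs: list) -> dict:
    """Decode a dump filename and compare its range with the listed size."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end, pid = int(m["start"], 16), int(m["end"], 16), int(m["pid"])
    return {"pid": pid, "pid_in_tree": any(p.pid == pid for p in procs),
            "start": start, "end": end, "size": end - start,
            "size_matches": end - start == stated_size_kb * 1024}


if __name__ == "__main__":
    tree = parse_tree(PROCESS_TREE)
    for wf, faulting, ok in crash_attribution(tree):
        print(f"WerFault PID {wf.pid} reports crash of PID {faulting}; attributed to parent: {ok}")
    info = dump_check("memory/1044-54-0x0000000075C51000-0x0000000075C53000-memory.dmp", 8, tree)
    print(f"dump of PID {info['pid']}: {info['size']} bytes, matches listed size: {info['size_matches']}")
```

For this report the crash attributes cleanly to PID 1044, so the "Program crash" signature belongs to the sample itself: whatever triggered "Modifies system certificate store" and the WriteProcessMemory calls happened before the process died, and the run should be treated as incomplete rather than as the sample's full behaviour. The only dump is an 8KB region (0x75C51000 to 0x75C53000) of that same process, which is unlikely to hold an unpacked payload; a re-run on a different platform image is the practical next step before drawing conclusions from the empty Network section.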