Overview

overview

10

Static

static

5

ed90f1c4df...10.exe

windows7_x64

5

ed90f1c4df...10.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    37s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    24-05-2022 02:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ed90f1c4dfa869c5f64960eaff5ea82dc33b5d18ccfb5325a55e832739374910.exe

  • Size

    1.9MB

  • MD5

    5b6b3ee51c768d0c335799d16e85f5b1

  • SHA1

    604c648cffb3e2e9fb0d3712bf341bb577c8cb81

  • SHA256

    ed90f1c4dfa869c5f64960eaff5ea82dc33b5d18ccfb5325a55e832739374910

  • SHA512

    df0de18365acdb919ed044f399e71670157227d6e2dc0fb0425741017650c769dbcd1fb87c2259067905379afca520708a28f9d9dabe528901d2c8d64f907f96

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed90f1c4dfa869c5f64960eaff5ea82dc33b5d18ccfb5325a55e832739374910.exe
    "C:\Users\Admin\AppData\Local\Temp\ed90f1c4dfa869c5f64960eaff5ea82dc33b5d18ccfb5325a55e832739374910.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1768
    • C:\Windows\SysWOW64\WerFault.exe
      "C:\Windows\SysWOW64\WerFault.exe"
      2⤵
        PID:1220

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1220-59-0x000000000048F888-mapping.dmp
      Download
    • memory/1768-54-0x0000000075C01000-0x0000000075C03000-memory.dmp
      Filesize

      8KB

      Download