262f5901d5463b9d191893b4873cd9e88d3c87f43e91d1f984d956167c063041

Analysis

max time kernel
44s
max time network
75s
platform
windows7_x64
resource
win7-20220414-en
submitted
16-06-2022 09:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

262f5901d5463b9d191893b4873cd9e88d3c87f43e91d1f984d956167c063041.exe
Size

184KB
MD5

2822431899265acfe0116a193ff7eb86
SHA1

19b65753f8b60664b371b28680b5d4ce7660af2a
SHA256

262f5901d5463b9d191893b4873cd9e88d3c87f43e91d1f984d956167c063041
SHA512

11bf4b1bc5217564c03811608ad7adce819925dd47daa6f01eca31a9f0aa46f519b93635efc44f7e7422f44650cb2fa6d4f024dbf52dfb77e26ccb6793267797

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Program crash 1 IoCs

pid	pid_target	Process	procid_target
896	1648	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 896	1648	262f5901d5463b9d191893b4873cd9e88d3c87f43e91d1f984d956167c063041.exe	29
PID 1648 wrote to memory of 896	1648	262f5901d5463b9d191893b4873cd9e88d3c87f43e91d1f984d956167c063041.exe	29
PID 1648 wrote to memory of 896	1648	262f5901d5463b9d191893b4873cd9e88d3c87f43e91d1f984d956167c063041.exe	29
PID 1648 wrote to memory of 896	1648	262f5901d5463b9d191893b4873cd9e88d3c87f43e91d1f984d956167c063041.exe	29

C:\Users\Admin\AppData\Local\Temp\262f5901d5463b9d191893b4873cd9e88d3c87f43e91d1f984d956167c063041.exe
"C:\Users\Admin\AppData\Local\Temp\262f5901d5463b9d191893b4873cd9e88d3c87f43e91d1f984d956167c063041.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 884
  2⤵
  - Program crash
  PID:896

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1648-54-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

Filesize
8KB

Download