Overview

overview

10

Static

static

10

33698dda39...42.exe

windows7_x64

6

33698dda39...42.exe

windows10-2004_x64

3

Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20-06-2022 02:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    33698dda39e4e785fa22187b7db0d1b4f9fbaf924f06b045c6666c3ef1a2e642.exe

  • Size

    990KB

  • MD5

    2908e633ef1caa87c76d224dccca4273

  • SHA1

    614e4fc794f18f541bf6ea1fcc2ba7d16fb6f6b8

  • SHA256

    33698dda39e4e785fa22187b7db0d1b4f9fbaf924f06b045c6666c3ef1a2e642

  • SHA512

    597b05b132e1cf6547826072c07c7e79ea2ae69edd0d025fca654f0b352225133f34d920fa0fd8b44aff04c79a7264cc8864c5ab49534ba7d4c0fa64e51d0ad6

Score
6/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\33698dda39e4e785fa22187b7db0d1b4f9fbaf924f06b045c6666c3ef1a2e642.exe
    "C:\Users\Admin\AppData\Local\Temp\33698dda39e4e785fa22187b7db0d1b4f9fbaf924f06b045c6666c3ef1a2e642.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1644
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 172
      2⤵
      • Program crash
      PID:1064

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1064-55-0x0000000000000000-mapping.dmp
    Download
  • memory/1644-54-0x00000000769D1000-0x00000000769D3000-memory.dmp
    Filesize

    8KB

    Download