Analysis

  • max time kernel
    36s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
  • submitted
    19/09/2022, 00:43

General

  • Target

    389e3051954755b602d3ac67a21762654e0841bcad67d45e4762f9c001ba546b.exe

  • Size

    1.2MB

  • MD5

    3e151736ec42451b58ef32ef87d80cca

  • SHA1

    7a6d305d533a3a485f782e7b5aad6760b321c6bf

  • SHA256

    389e3051954755b602d3ac67a21762654e0841bcad67d45e4762f9c001ba546b

  • SHA512

    2a8d584e3bc871f3035029e9ce93e34102039bce48aa68d3248852ff761de5a3a3ec5b350b904ce2ddf492dd49871108d0b91364272927810cc5f8293d547d2d

  • SSDEEP

    24576:riOw7EJBb/D3GwlF8rbXL0M9bPx//MIHBteHZqdA:r3IU/q+8rzb9bPhkIHj7dA

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\389e3051954755b602d3ac67a21762654e0841bcad67d45e4762f9c001ba546b.exe
    "C:\Users\Admin\AppData\Local\Temp\389e3051954755b602d3ac67a21762654e0841bcad67d45e4762f9c001ba546b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 156
      2⤵
      • Program crash
      PID:1580

Network

        MITRE ATT&CK Matrix

        Downloads

        • memory/1672-54-0x0000000000830000-0x0000000000B56000-memory.dmp

          Filesize

          3.1MB