3bf9eea7a90af663621c5cd91169c05744e1b341aae38061199a05b8f969fe58

Analysis

max time kernel
24s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 06:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3bf9eea7a90af663621c5cd91169c05744e1b341aae38061199a05b8f969fe58.exe
Size

775KB
MD5

6187751b06461843bbeba37e4998a820
SHA1

70692878fc0823fa9b6f685beafb8f41e953b919
SHA256

3bf9eea7a90af663621c5cd91169c05744e1b341aae38061199a05b8f969fe58
SHA512

bd444516a0e74f2e1afb8006eabcdc10a19254df626fcad9ef9d4aa3246a56ce27a461f62f99d0c9ae3add26224afbe7b8f4df60aa42a43707c09f81819f5a4d
SSDEEP

24576:JA3YZXk7Pm3pl7fgXBIo5yzoXvIdKNQcbWyqgf5E:JzSUIXBIoczofI1M/fq

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1908	1732	WerFault.exe	14

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1732	3bf9eea7a90af663621c5cd91169c05744e1b341aae38061199a05b8f969fe58.exe
1732	3bf9eea7a90af663621c5cd91169c05744e1b341aae38061199a05b8f969fe58.exe
1732	3bf9eea7a90af663621c5cd91169c05744e1b341aae38061199a05b8f969fe58.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 1908	1732	3bf9eea7a90af663621c5cd91169c05744e1b341aae38061199a05b8f969fe58.exe	27
PID 1732 wrote to memory of 1908	1732	3bf9eea7a90af663621c5cd91169c05744e1b341aae38061199a05b8f969fe58.exe	27
PID 1732 wrote to memory of 1908	1732	3bf9eea7a90af663621c5cd91169c05744e1b341aae38061199a05b8f969fe58.exe	27
PID 1732 wrote to memory of 1908	1732	3bf9eea7a90af663621c5cd91169c05744e1b341aae38061199a05b8f969fe58.exe	27

C:\Users\Admin\AppData\Local\Temp\3bf9eea7a90af663621c5cd91169c05744e1b341aae38061199a05b8f969fe58.exe
"C:\Users\Admin\AppData\Local\Temp\3bf9eea7a90af663621c5cd91169c05744e1b341aae38061199a05b8f969fe58.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 364
  2⤵
  - Program crash
  PID:1908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1732-69-0x00000000004DC000-0x00000000004DEA00-memory.dmp

Filesize
10KB

Download
memory/1732-71-0x00000000004DC000-0x00000000004DEA00-memory.dmp

Filesize
10KB

Download
memory/1732-56-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/1732-57-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/1732-59-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/1732-58-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/1732-61-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/1732-60-0x0000000075771000-0x0000000075773000-memory.dmp

Filesize
8KB

Download
memory/1732-55-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/1732-63-0x00000000004DC000-0x00000000004DEA00-memory.dmp

Filesize
10KB

Download
memory/1732-64-0x0000000000400000-0x000000000056F000-memory.dmp

Filesize
1.4MB

Download
memory/1732-65-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/1732-66-0x00000000004DC000-0x00000000004DEA00-memory.dmp

Filesize
10KB

Download
memory/1732-67-0x00000000004DC000-0x00000000004DEA00-memory.dmp

Filesize
10KB

Download
memory/1732-54-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/1732-68-0x00000000004DC000-0x00000000004DEA00-memory.dmp

Filesize
10KB

Download
memory/1732-62-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/1732-70-0x00000000004DC000-0x00000000004DEA00-memory.dmp

Filesize
10KB

Download
memory/1732-72-0x00000000004DC000-0x00000000004DEA00-memory.dmp

Filesize
10KB

Download
memory/1732-73-0x00000000004DC000-0x00000000004DEA00-memory.dmp

Filesize
10KB

Download
memory/1732-74-0x00000000004DC000-0x00000000004DEA00-memory.dmp

Filesize
10KB

Download
memory/1732-75-0x00000000004DC000-0x00000000004DEA00-memory.dmp

Filesize
10KB

Download
memory/1732-76-0x00000000004DC000-0x00000000004DEA00-memory.dmp

Filesize
10KB

Download
memory/1732-77-0x00000000004DC000-0x00000000004DEA00-memory.dmp

Filesize
10KB

Download
memory/1732-79-0x00000000004DC000-0x00000000004DEA00-memory.dmp

Filesize
10KB

Download
memory/1732-78-0x00000000004DC000-0x00000000004DEA00-memory.dmp

Filesize
10KB

Download
memory/1732-80-0x00000000004DC000-0x00000000004DEA00-memory.dmp

Filesize
10KB

Download
memory/1732-81-0x00000000004DC000-0x00000000004DEA00-memory.dmp

Filesize
10KB

Download
memory/1732-82-0x00000000004DC000-0x00000000004DEA00-memory.dmp

Filesize
10KB

Download
memory/1732-85-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/1732-84-0x0000000000400000-0x000000000056F000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads