f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7

General

Target

f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7.exe
Size

347KB
MD5

4addbf039078b57a096cd968f050d900
SHA1

33d03bac1abb334374234dc6adb1860201f7ba11
SHA256

f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7
SHA512

06c231f0975bd36c8c8759ee7cef81d7de1b9d04898b031b43572c7b2d8269c15f51d6837aaa25da09de76d9fbd31603438522e026278a7da7c654ebe2223212
SSDEEP

6144:sqHGoq/TMMFIgLYW6E5vmCTucxSbnc1u/RfjZC9/dBd/LA5oERq:s4dNMFIkP5vBuVdBjgB/2q

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
900	f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7mgr.exe

Loads dropped DLL 7 IoCs

pid	Process
1212	f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7.exe
1212	f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7.exe
1516	WerFault.exe
1516	WerFault.exe
1516	WerFault.exe
1516	WerFault.exe
1516	WerFault.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
956	1212	WerFault.exe	26
1516	900	WerFault.exe	27

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 900	1212	f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7.exe	27
PID 1212 wrote to memory of 900	1212	f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7.exe	27
PID 1212 wrote to memory of 900	1212	f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7.exe	27
PID 1212 wrote to memory of 900	1212	f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7.exe	27
PID 1212 wrote to memory of 956	1212	f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7.exe	28
PID 1212 wrote to memory of 956	1212	f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7.exe	28
PID 1212 wrote to memory of 956	1212	f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7.exe	28
PID 1212 wrote to memory of 956	1212	f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7.exe	28
PID 900 wrote to memory of 1516	900	f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7mgr.exe	29
PID 900 wrote to memory of 1516	900	f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7mgr.exe	29
PID 900 wrote to memory of 1516	900	f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7mgr.exe	29
PID 900 wrote to memory of 1516	900	f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7mgr.exe	29

C:\Users\Admin\AppData\Local\Temp\f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7.exe
"C:\Users\Admin\AppData\Local\Temp\f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Users\Admin\AppData\Local\Temp\f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7mgr.exe
  C:\Users\Admin\AppData\Local\Temp\f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7mgr.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:900
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 96
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1516
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 92
  2⤵
  - Program crash
  PID:956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7mgr.exe

Filesize
172KB

MD5
8c668c57fc827bde8cb462ce4d576663

SHA1
e0cdc29056293a0cdf5d0f9142ba58b5549f5465

SHA256
3b13ecbe0591455748f141e6faf53294a415de048bc5ac910057212a07789c32

SHA512
235d7d20418411b9491f7f05457bad85ea5d1541f559d3cd29677d72c94ce12c7a0e381ff2f4fde53d5b89e4559dfd4b8f41e2ba0f72ff28ef5fceb5d96180ab

Download Submit
\Users\Admin\AppData\Local\Temp\f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7mgr.exe

Filesize
172KB

MD5
8c668c57fc827bde8cb462ce4d576663

SHA1
e0cdc29056293a0cdf5d0f9142ba58b5549f5465

SHA256
3b13ecbe0591455748f141e6faf53294a415de048bc5ac910057212a07789c32

SHA512
235d7d20418411b9491f7f05457bad85ea5d1541f559d3cd29677d72c94ce12c7a0e381ff2f4fde53d5b89e4559dfd4b8f41e2ba0f72ff28ef5fceb5d96180ab

Download Submit
\Users\Admin\AppData\Local\Temp\f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7mgr.exe

Filesize
172KB

MD5
8c668c57fc827bde8cb462ce4d576663

SHA1
e0cdc29056293a0cdf5d0f9142ba58b5549f5465

SHA256
3b13ecbe0591455748f141e6faf53294a415de048bc5ac910057212a07789c32

SHA512
235d7d20418411b9491f7f05457bad85ea5d1541f559d3cd29677d72c94ce12c7a0e381ff2f4fde53d5b89e4559dfd4b8f41e2ba0f72ff28ef5fceb5d96180ab

Download Submit
\Users\Admin\AppData\Local\Temp\f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7mgr.exe

Filesize
172KB

MD5
8c668c57fc827bde8cb462ce4d576663

SHA1
e0cdc29056293a0cdf5d0f9142ba58b5549f5465

SHA256
3b13ecbe0591455748f141e6faf53294a415de048bc5ac910057212a07789c32

SHA512
235d7d20418411b9491f7f05457bad85ea5d1541f559d3cd29677d72c94ce12c7a0e381ff2f4fde53d5b89e4559dfd4b8f41e2ba0f72ff28ef5fceb5d96180ab

Download Submit
\Users\Admin\AppData\Local\Temp\f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7mgr.exe

Filesize
172KB

MD5
8c668c57fc827bde8cb462ce4d576663

SHA1
e0cdc29056293a0cdf5d0f9142ba58b5549f5465

SHA256
3b13ecbe0591455748f141e6faf53294a415de048bc5ac910057212a07789c32

SHA512
235d7d20418411b9491f7f05457bad85ea5d1541f559d3cd29677d72c94ce12c7a0e381ff2f4fde53d5b89e4559dfd4b8f41e2ba0f72ff28ef5fceb5d96180ab

Download Submit
\Users\Admin\AppData\Local\Temp\f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7mgr.exe

Filesize
172KB

MD5
8c668c57fc827bde8cb462ce4d576663

SHA1
e0cdc29056293a0cdf5d0f9142ba58b5549f5465

SHA256
3b13ecbe0591455748f141e6faf53294a415de048bc5ac910057212a07789c32

SHA512
235d7d20418411b9491f7f05457bad85ea5d1541f559d3cd29677d72c94ce12c7a0e381ff2f4fde53d5b89e4559dfd4b8f41e2ba0f72ff28ef5fceb5d96180ab

Download Submit
\Users\Admin\AppData\Local\Temp\f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7mgr.exe

Filesize
172KB

MD5
8c668c57fc827bde8cb462ce4d576663

SHA1
e0cdc29056293a0cdf5d0f9142ba58b5549f5465

SHA256
3b13ecbe0591455748f141e6faf53294a415de048bc5ac910057212a07789c32

SHA512
235d7d20418411b9491f7f05457bad85ea5d1541f559d3cd29677d72c94ce12c7a0e381ff2f4fde53d5b89e4559dfd4b8f41e2ba0f72ff28ef5fceb5d96180ab

Download Submit
\Users\Admin\AppData\Local\Temp\f3b3e4ba7e399127fb40b58cbdf72f98b906fd43f0e3162898eaf03ab05eb5a7mgr.exe

Filesize
172KB

MD5
8c668c57fc827bde8cb462ce4d576663

SHA1
e0cdc29056293a0cdf5d0f9142ba58b5549f5465

SHA256
3b13ecbe0591455748f141e6faf53294a415de048bc5ac910057212a07789c32

SHA512
235d7d20418411b9491f7f05457bad85ea5d1541f559d3cd29677d72c94ce12c7a0e381ff2f4fde53d5b89e4559dfd4b8f41e2ba0f72ff28ef5fceb5d96180ab

Download Submit
memory/900-67-0x0000000000400000-0x0000000000434E52-memory.dmp

Filesize
211KB

Download
memory/1212-65-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/1212-66-0x0000000000120000-0x0000000000155000-memory.dmp

Filesize
212KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads