6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7

Analysis

max time kernel
27s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7.exe
Size

256KB
MD5

6f3de09cee5198253aa87a0bca9a1d01
SHA1

822a004cf9ad276bdaa5402fd3d3dbe8870397b9
SHA256

6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7
SHA512

294a8f9dc9d5ef118b7835652d55b20225a28527be4f26d694a32a3653ee712a0bc2f025f3900c43499bbe9c6f51f2769322ad68ca1c0245693f679cdf5884dd
SSDEEP

3072:u4elsUeaEXW6BQZv6NSgapKbDsnplerDRBjZqMNykXLkOG3wOG+9bdNV7scop:upyrZdBQZvGakbHxv3kD9bBs9

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1832	6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe

Loads dropped DLL 9 IoCs

pid	Process
1668	6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7.exe
1668	6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7.exe
1996	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1996	1832	WerFault.exe	27

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 1832	1668	6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7.exe	27
PID 1668 wrote to memory of 1832	1668	6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7.exe	27
PID 1668 wrote to memory of 1832	1668	6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7.exe	27
PID 1668 wrote to memory of 1832	1668	6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7.exe	27
PID 1832 wrote to memory of 1996	1832	6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe	28
PID 1832 wrote to memory of 1996	1832	6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe	28
PID 1832 wrote to memory of 1996	1832	6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe	28
PID 1832 wrote to memory of 1996	1832	6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe	28

C:\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7.exe
"C:\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe
  C:\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1832
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 100
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe

Filesize
117KB

MD5
8496f6a2cbd1e710149e098e047eaee2

SHA1
dd0a84f13d385928e5270ef9b4b442150fd4a060

SHA256
dfa3498dc41116db8aec3fd24721709e90248ad9de239222f1ed31f1f9286a03

SHA512
c7a58e158ff3fbfd2bf5e2327221f6f5d24fc7abef2b48da63e98ee96efb3ff0e9d8ce8047f34f3843f385ca0607ee85a5ca7e0a8e3330366a23e99c1d9e3dd5

Download Submit
\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe

Filesize
117KB

MD5
8496f6a2cbd1e710149e098e047eaee2

SHA1
dd0a84f13d385928e5270ef9b4b442150fd4a060

SHA256
dfa3498dc41116db8aec3fd24721709e90248ad9de239222f1ed31f1f9286a03

SHA512
c7a58e158ff3fbfd2bf5e2327221f6f5d24fc7abef2b48da63e98ee96efb3ff0e9d8ce8047f34f3843f385ca0607ee85a5ca7e0a8e3330366a23e99c1d9e3dd5

Download Submit
\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe

Filesize
117KB

MD5
8496f6a2cbd1e710149e098e047eaee2

SHA1
dd0a84f13d385928e5270ef9b4b442150fd4a060

SHA256
dfa3498dc41116db8aec3fd24721709e90248ad9de239222f1ed31f1f9286a03

SHA512
c7a58e158ff3fbfd2bf5e2327221f6f5d24fc7abef2b48da63e98ee96efb3ff0e9d8ce8047f34f3843f385ca0607ee85a5ca7e0a8e3330366a23e99c1d9e3dd5

Download Submit
\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe

Filesize
117KB

MD5
8496f6a2cbd1e710149e098e047eaee2

SHA1
dd0a84f13d385928e5270ef9b4b442150fd4a060

SHA256
dfa3498dc41116db8aec3fd24721709e90248ad9de239222f1ed31f1f9286a03

SHA512
c7a58e158ff3fbfd2bf5e2327221f6f5d24fc7abef2b48da63e98ee96efb3ff0e9d8ce8047f34f3843f385ca0607ee85a5ca7e0a8e3330366a23e99c1d9e3dd5

Download Submit
\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe

Filesize
117KB

MD5
8496f6a2cbd1e710149e098e047eaee2

SHA1
dd0a84f13d385928e5270ef9b4b442150fd4a060

SHA256
dfa3498dc41116db8aec3fd24721709e90248ad9de239222f1ed31f1f9286a03

SHA512
c7a58e158ff3fbfd2bf5e2327221f6f5d24fc7abef2b48da63e98ee96efb3ff0e9d8ce8047f34f3843f385ca0607ee85a5ca7e0a8e3330366a23e99c1d9e3dd5

Download Submit
\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe

Filesize
117KB

MD5
8496f6a2cbd1e710149e098e047eaee2

SHA1
dd0a84f13d385928e5270ef9b4b442150fd4a060

SHA256
dfa3498dc41116db8aec3fd24721709e90248ad9de239222f1ed31f1f9286a03

SHA512
c7a58e158ff3fbfd2bf5e2327221f6f5d24fc7abef2b48da63e98ee96efb3ff0e9d8ce8047f34f3843f385ca0607ee85a5ca7e0a8e3330366a23e99c1d9e3dd5

Download Submit
\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe

Filesize
117KB

MD5
8496f6a2cbd1e710149e098e047eaee2

SHA1
dd0a84f13d385928e5270ef9b4b442150fd4a060

SHA256
dfa3498dc41116db8aec3fd24721709e90248ad9de239222f1ed31f1f9286a03

SHA512
c7a58e158ff3fbfd2bf5e2327221f6f5d24fc7abef2b48da63e98ee96efb3ff0e9d8ce8047f34f3843f385ca0607ee85a5ca7e0a8e3330366a23e99c1d9e3dd5

Download Submit
\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe

Filesize
117KB

MD5
8496f6a2cbd1e710149e098e047eaee2

SHA1
dd0a84f13d385928e5270ef9b4b442150fd4a060

SHA256
dfa3498dc41116db8aec3fd24721709e90248ad9de239222f1ed31f1f9286a03

SHA512
c7a58e158ff3fbfd2bf5e2327221f6f5d24fc7abef2b48da63e98ee96efb3ff0e9d8ce8047f34f3843f385ca0607ee85a5ca7e0a8e3330366a23e99c1d9e3dd5

Download Submit
\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe

Filesize
117KB

MD5
8496f6a2cbd1e710149e098e047eaee2

SHA1
dd0a84f13d385928e5270ef9b4b442150fd4a060

SHA256
dfa3498dc41116db8aec3fd24721709e90248ad9de239222f1ed31f1f9286a03

SHA512
c7a58e158ff3fbfd2bf5e2327221f6f5d24fc7abef2b48da63e98ee96efb3ff0e9d8ce8047f34f3843f385ca0607ee85a5ca7e0a8e3330366a23e99c1d9e3dd5

Download Submit
\Users\Admin\AppData\Local\Temp\6eae7a5455da10111abc2a7f57d469cefa417624c5bf46f55f9f71c769ebd1a7mgr.exe

Filesize
117KB

MD5
8496f6a2cbd1e710149e098e047eaee2

SHA1
dd0a84f13d385928e5270ef9b4b442150fd4a060

SHA256
dfa3498dc41116db8aec3fd24721709e90248ad9de239222f1ed31f1f9286a03

SHA512
c7a58e158ff3fbfd2bf5e2327221f6f5d24fc7abef2b48da63e98ee96efb3ff0e9d8ce8047f34f3843f385ca0607ee85a5ca7e0a8e3330366a23e99c1d9e3dd5

Download Submit
memory/1668-57-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download
memory/1668-67-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1668-68-0x0000000000220000-0x0000000000248000-memory.dmp

Filesize
160KB

Download
memory/1668-70-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1832-69-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads