7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 12:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96.exe
Size

140KB
MD5

2de33e1553cf632642a619e8324d0a80
SHA1

4031f0f6649175f28dd62bea66aadf673552a6d2
SHA256

7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96
SHA512

7d4efbe6963033bf6f0686b889e03c1bbd572f0cbbcc47e95b381db01ce96d708c2f702ee5428e83cd94887990706fd7e69969db103583060defed6dce341ca0
SSDEEP

1536:In0/Oi125oR/9tQjboK/5SD1f946Zdm/R+K+ZVAs8YUmPiw16:I0/eoR/9tQjbL/5013LaR+Bx6w16

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
964	7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96mgr.exe

Loads dropped DLL 9 IoCs

pid	Process
1184	7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96.exe
1184	7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1788	964	WerFault.exe	26

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 964	1184	7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96.exe	26
PID 1184 wrote to memory of 964	1184	7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96.exe	26
PID 1184 wrote to memory of 964	1184	7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96.exe	26
PID 1184 wrote to memory of 964	1184	7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96.exe	26
PID 964 wrote to memory of 1788	964	7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96mgr.exe	27
PID 964 wrote to memory of 1788	964	7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96mgr.exe	27
PID 964 wrote to memory of 1788	964	7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96mgr.exe	27
PID 964 wrote to memory of 1788	964	7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96mgr.exe	27

C:\Users\Admin\AppData\Local\Temp\7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96.exe
"C:\Users\Admin\AppData\Local\Temp\7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Users\Admin\AppData\Local\Temp\7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96mgr.exe
  C:\Users\Admin\AppData\Local\Temp\7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96mgr.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:964
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 156
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96mgr.exe

Filesize
96KB

MD5
ba3834e01e80c0c7e7b81e4721457aa7

SHA1
d876efa57dd896435dbe3675cdcbd1c182803990

SHA256
d04ef80eeae507cbca299a8027a84322b86ca909e73182966639321aba635596

SHA512
3657e78e3c2d2b00d522f63eca33e6dd378904170e3a501e20fe431bbee24dfa1b39186e8a867143dbef59385a03740f4c3c4da558ab2275e28ef56f20e7530c

Download Submit
\Users\Admin\AppData\Local\Temp\7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96mgr.exe

Filesize
96KB

MD5
ba3834e01e80c0c7e7b81e4721457aa7

SHA1
d876efa57dd896435dbe3675cdcbd1c182803990

SHA256
d04ef80eeae507cbca299a8027a84322b86ca909e73182966639321aba635596

SHA512
3657e78e3c2d2b00d522f63eca33e6dd378904170e3a501e20fe431bbee24dfa1b39186e8a867143dbef59385a03740f4c3c4da558ab2275e28ef56f20e7530c

Download Submit
\Users\Admin\AppData\Local\Temp\7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96mgr.exe

Filesize
96KB

MD5
ba3834e01e80c0c7e7b81e4721457aa7

SHA1
d876efa57dd896435dbe3675cdcbd1c182803990

SHA256
d04ef80eeae507cbca299a8027a84322b86ca909e73182966639321aba635596

SHA512
3657e78e3c2d2b00d522f63eca33e6dd378904170e3a501e20fe431bbee24dfa1b39186e8a867143dbef59385a03740f4c3c4da558ab2275e28ef56f20e7530c

Download Submit
\Users\Admin\AppData\Local\Temp\7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96mgr.exe

Filesize
96KB

MD5
ba3834e01e80c0c7e7b81e4721457aa7

SHA1
d876efa57dd896435dbe3675cdcbd1c182803990

SHA256
d04ef80eeae507cbca299a8027a84322b86ca909e73182966639321aba635596

SHA512
3657e78e3c2d2b00d522f63eca33e6dd378904170e3a501e20fe431bbee24dfa1b39186e8a867143dbef59385a03740f4c3c4da558ab2275e28ef56f20e7530c

Download Submit
\Users\Admin\AppData\Local\Temp\7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96mgr.exe

Filesize
96KB

MD5
ba3834e01e80c0c7e7b81e4721457aa7

SHA1
d876efa57dd896435dbe3675cdcbd1c182803990

SHA256
d04ef80eeae507cbca299a8027a84322b86ca909e73182966639321aba635596

SHA512
3657e78e3c2d2b00d522f63eca33e6dd378904170e3a501e20fe431bbee24dfa1b39186e8a867143dbef59385a03740f4c3c4da558ab2275e28ef56f20e7530c

Download Submit
\Users\Admin\AppData\Local\Temp\7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96mgr.exe

Filesize
96KB

MD5
ba3834e01e80c0c7e7b81e4721457aa7

SHA1
d876efa57dd896435dbe3675cdcbd1c182803990

SHA256
d04ef80eeae507cbca299a8027a84322b86ca909e73182966639321aba635596

SHA512
3657e78e3c2d2b00d522f63eca33e6dd378904170e3a501e20fe431bbee24dfa1b39186e8a867143dbef59385a03740f4c3c4da558ab2275e28ef56f20e7530c

Download Submit
\Users\Admin\AppData\Local\Temp\7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96mgr.exe

Filesize
96KB

MD5
ba3834e01e80c0c7e7b81e4721457aa7

SHA1
d876efa57dd896435dbe3675cdcbd1c182803990

SHA256
d04ef80eeae507cbca299a8027a84322b86ca909e73182966639321aba635596

SHA512
3657e78e3c2d2b00d522f63eca33e6dd378904170e3a501e20fe431bbee24dfa1b39186e8a867143dbef59385a03740f4c3c4da558ab2275e28ef56f20e7530c

Download Submit
\Users\Admin\AppData\Local\Temp\7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96mgr.exe

Filesize
96KB

MD5
ba3834e01e80c0c7e7b81e4721457aa7

SHA1
d876efa57dd896435dbe3675cdcbd1c182803990

SHA256
d04ef80eeae507cbca299a8027a84322b86ca909e73182966639321aba635596

SHA512
3657e78e3c2d2b00d522f63eca33e6dd378904170e3a501e20fe431bbee24dfa1b39186e8a867143dbef59385a03740f4c3c4da558ab2275e28ef56f20e7530c

Download Submit
\Users\Admin\AppData\Local\Temp\7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96mgr.exe

Filesize
96KB

MD5
ba3834e01e80c0c7e7b81e4721457aa7

SHA1
d876efa57dd896435dbe3675cdcbd1c182803990

SHA256
d04ef80eeae507cbca299a8027a84322b86ca909e73182966639321aba635596

SHA512
3657e78e3c2d2b00d522f63eca33e6dd378904170e3a501e20fe431bbee24dfa1b39186e8a867143dbef59385a03740f4c3c4da558ab2275e28ef56f20e7530c

Download Submit
\Users\Admin\AppData\Local\Temp\7d47510065094ec5d75929e7496539c935fbedc18b9062e9d7158760896d9d96mgr.exe

Filesize
96KB

MD5
ba3834e01e80c0c7e7b81e4721457aa7

SHA1
d876efa57dd896435dbe3675cdcbd1c182803990

SHA256
d04ef80eeae507cbca299a8027a84322b86ca909e73182966639321aba635596

SHA512
3657e78e3c2d2b00d522f63eca33e6dd378904170e3a501e20fe431bbee24dfa1b39186e8a867143dbef59385a03740f4c3c4da558ab2275e28ef56f20e7530c

Download Submit
memory/964-59-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

Filesize
8KB

Download
memory/964-67-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1184-58-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads