58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618a

Analysis

max time kernel
11s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618a.exe
Size

158KB
MD5

91b06298af4fce27cd8310dd06d8b351
SHA1

a281062784f8cff691b4a85085af1236885ab3ee
SHA256

58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618a
SHA512

d709e97c9e5539805567a288a8e8a4177aac56644f1eaf88554cd5799af756dcc0025447c0fccfda806a332e4f39a3cc8c29e8c7d902b994afb8c76c650219f7
SSDEEP

1536:Aj4Hq4rJZa6jJXUedPkPcsLxi6VL33uKdTicTuEoldsO56xVH4aFYZr22T5KDtw2:a4zZpjJEuMxF3VL3RnLoixmq87ADtVH

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1976	58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618amgr.exe

Loads dropped DLL 9 IoCs

pid	Process
1932	58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618a.exe
1932	58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618a.exe
1264	WerFault.exe
1264	WerFault.exe
1264	WerFault.exe
1264	WerFault.exe
1264	WerFault.exe
1264	WerFault.exe
1264	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1264	1976	WerFault.exe	29

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 1976	1932	58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618a.exe	29
PID 1932 wrote to memory of 1976	1932	58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618a.exe	29
PID 1932 wrote to memory of 1976	1932	58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618a.exe	29
PID 1932 wrote to memory of 1976	1932	58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618a.exe	29
PID 1976 wrote to memory of 1264	1976	58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618amgr.exe	30
PID 1976 wrote to memory of 1264	1976	58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618amgr.exe	30
PID 1976 wrote to memory of 1264	1976	58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618amgr.exe	30
PID 1976 wrote to memory of 1264	1976	58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618amgr.exe	30

C:\Users\Admin\AppData\Local\Temp\58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618a.exe
"C:\Users\Admin\AppData\Local\Temp\58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Users\Admin\AppData\Local\Temp\58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618amgr.exe
  C:\Users\Admin\AppData\Local\Temp\58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618amgr.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1976
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 100
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618amgr.exe

Filesize
103KB

MD5
0ff8c1c8de1f818a51512f4d894e30d1

SHA1
bd99a343ea5ca5ebdd7207651478a8425054716a

SHA256
7cc54785e229b1605103e3219969939eb80f106e9edca3cb380917ac33526d28

SHA512
da23767aa25ba5c1bb55c338fa82b1b60853c83fd1e4af28cc023fdd1405b46717bc58137d7bfe7a3a581dcd23de0520ab6ace88434b8cf35b3a0278f516dfd2

Download Submit
\Users\Admin\AppData\Local\Temp\58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618amgr.exe

Filesize
103KB

MD5
0ff8c1c8de1f818a51512f4d894e30d1

SHA1
bd99a343ea5ca5ebdd7207651478a8425054716a

SHA256
7cc54785e229b1605103e3219969939eb80f106e9edca3cb380917ac33526d28

SHA512
da23767aa25ba5c1bb55c338fa82b1b60853c83fd1e4af28cc023fdd1405b46717bc58137d7bfe7a3a581dcd23de0520ab6ace88434b8cf35b3a0278f516dfd2

Download Submit
\Users\Admin\AppData\Local\Temp\58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618amgr.exe

Filesize
103KB

MD5
0ff8c1c8de1f818a51512f4d894e30d1

SHA1
bd99a343ea5ca5ebdd7207651478a8425054716a

SHA256
7cc54785e229b1605103e3219969939eb80f106e9edca3cb380917ac33526d28

SHA512
da23767aa25ba5c1bb55c338fa82b1b60853c83fd1e4af28cc023fdd1405b46717bc58137d7bfe7a3a581dcd23de0520ab6ace88434b8cf35b3a0278f516dfd2

Download Submit
\Users\Admin\AppData\Local\Temp\58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618amgr.exe

Filesize
103KB

MD5
0ff8c1c8de1f818a51512f4d894e30d1

SHA1
bd99a343ea5ca5ebdd7207651478a8425054716a

SHA256
7cc54785e229b1605103e3219969939eb80f106e9edca3cb380917ac33526d28

SHA512
da23767aa25ba5c1bb55c338fa82b1b60853c83fd1e4af28cc023fdd1405b46717bc58137d7bfe7a3a581dcd23de0520ab6ace88434b8cf35b3a0278f516dfd2

Download Submit
\Users\Admin\AppData\Local\Temp\58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618amgr.exe

Filesize
103KB

MD5
0ff8c1c8de1f818a51512f4d894e30d1

SHA1
bd99a343ea5ca5ebdd7207651478a8425054716a

SHA256
7cc54785e229b1605103e3219969939eb80f106e9edca3cb380917ac33526d28

SHA512
da23767aa25ba5c1bb55c338fa82b1b60853c83fd1e4af28cc023fdd1405b46717bc58137d7bfe7a3a581dcd23de0520ab6ace88434b8cf35b3a0278f516dfd2

Download Submit
\Users\Admin\AppData\Local\Temp\58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618amgr.exe

Filesize
103KB

MD5
0ff8c1c8de1f818a51512f4d894e30d1

SHA1
bd99a343ea5ca5ebdd7207651478a8425054716a

SHA256
7cc54785e229b1605103e3219969939eb80f106e9edca3cb380917ac33526d28

SHA512
da23767aa25ba5c1bb55c338fa82b1b60853c83fd1e4af28cc023fdd1405b46717bc58137d7bfe7a3a581dcd23de0520ab6ace88434b8cf35b3a0278f516dfd2

Download Submit
\Users\Admin\AppData\Local\Temp\58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618amgr.exe

Filesize
103KB

MD5
0ff8c1c8de1f818a51512f4d894e30d1

SHA1
bd99a343ea5ca5ebdd7207651478a8425054716a

SHA256
7cc54785e229b1605103e3219969939eb80f106e9edca3cb380917ac33526d28

SHA512
da23767aa25ba5c1bb55c338fa82b1b60853c83fd1e4af28cc023fdd1405b46717bc58137d7bfe7a3a581dcd23de0520ab6ace88434b8cf35b3a0278f516dfd2

Download Submit
\Users\Admin\AppData\Local\Temp\58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618amgr.exe

Filesize
103KB

MD5
0ff8c1c8de1f818a51512f4d894e30d1

SHA1
bd99a343ea5ca5ebdd7207651478a8425054716a

SHA256
7cc54785e229b1605103e3219969939eb80f106e9edca3cb380917ac33526d28

SHA512
da23767aa25ba5c1bb55c338fa82b1b60853c83fd1e4af28cc023fdd1405b46717bc58137d7bfe7a3a581dcd23de0520ab6ace88434b8cf35b3a0278f516dfd2

Download Submit
\Users\Admin\AppData\Local\Temp\58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618amgr.exe

Filesize
103KB

MD5
0ff8c1c8de1f818a51512f4d894e30d1

SHA1
bd99a343ea5ca5ebdd7207651478a8425054716a

SHA256
7cc54785e229b1605103e3219969939eb80f106e9edca3cb380917ac33526d28

SHA512
da23767aa25ba5c1bb55c338fa82b1b60853c83fd1e4af28cc023fdd1405b46717bc58137d7bfe7a3a581dcd23de0520ab6ace88434b8cf35b3a0278f516dfd2

Download Submit
\Users\Admin\AppData\Local\Temp\58f637ca0ce38a97f31ca2821dfcb80ac45905ec469fa72bd2f2d635da1e618amgr.exe

Filesize
103KB

MD5
0ff8c1c8de1f818a51512f4d894e30d1

SHA1
bd99a343ea5ca5ebdd7207651478a8425054716a

SHA256
7cc54785e229b1605103e3219969939eb80f106e9edca3cb380917ac33526d28

SHA512
da23767aa25ba5c1bb55c338fa82b1b60853c83fd1e4af28cc023fdd1405b46717bc58137d7bfe7a3a581dcd23de0520ab6ace88434b8cf35b3a0278f516dfd2

Download Submit
memory/1932-66-0x0000000001000000-0x000000000106C000-memory.dmp

Filesize
432KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads