Analysis

  • max time kernel
    45s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/10/2022, 22:53

General

  • Target

    94f0e91b85ec1a44ea3fa3ea64f1c961b4a9fe3188ab242dba151582453dfd48.exe

  • Size

    5.2MB

  • MD5

    a0a78301a0f7e4ed18a488c064e14ea7

  • SHA1

    a21c0ca52b6c8362d74b5d7769ffa3e40a8e246b

  • SHA256

    94f0e91b85ec1a44ea3fa3ea64f1c961b4a9fe3188ab242dba151582453dfd48

  • SHA512

    a37a443677f422efcc147d374f9e9aab5330c563fafd6a09abb4ca41302c23150d95d920c8435de2bdbf948b6fabdac1b7e1af088d42d609994afc81df2487be

  • SSDEEP

    98304:zvdbokc64QVgi9QpkR0xkw3zLzOIMiu9AgXz58wW3HuI73hb:zvd0URQpkR0xkSzfOIMiulD5CHuI9b

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Modifies Control Panel 3 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\94f0e91b85ec1a44ea3fa3ea64f1c961b4a9fe3188ab242dba151582453dfd48.exe
    "C:\Users\Admin\AppData\Local\Temp\94f0e91b85ec1a44ea3fa3ea64f1c961b4a9fe3188ab242dba151582453dfd48.exe"
    1⤵
    • Modifies Control Panel
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 628
      2⤵
      • Program crash
      PID:688

Network

Downloads

  • memory/1600-61-0x0000000000400000-0x0000000001907000-memory.dmp (Filesize: 21.0MB)
  • memory/1600-69-0x0000000003360000-0x00000000034A0000-memory.dmp (Filesize: 1.2MB)
  • memory/1600-57-0x0000000000400000-0x0000000001907000-memory.dmp (Filesize: 21.0MB)
  • memory/1600-58-0x0000000000400000-0x0000000001907000-memory.dmp (Filesize: 21.0MB)
  • memory/1600-59-0x0000000000400000-0x0000000001907000-memory.dmp (Filesize: 21.0MB)
  • memory/1600-62-0x0000000003360000-0x00000000034A0000-memory.dmp (Filesize: 1.2MB)
  • memory/1600-60-0x0000000003360000-0x00000000034A0000-memory.dmp (Filesize: 1.2MB)
  • memory/1600-54-0x00000000752B1000-0x00000000752B3000-memory.dmp (Filesize: 8KB)
  • memory/1600-56-0x0000000000400000-0x0000000001907000-memory.dmp (Filesize: 21.0MB)
  • memory/1600-67-0x0000000003360000-0x00000000034A0000-memory.dmp (Filesize: 1.2MB)
  • memory/1600-68-0x0000000003360000-0x00000000034A0000-memory.dmp (Filesize: 1.2MB)
  • memory/1600-66-0x0000000003360000-0x00000000034A0000-memory.dmp (Filesize: 1.2MB)
  • memory/1600-65-0x0000000003360000-0x00000000034A0000-memory.dmp (Filesize: 1.2MB)
  • memory/1600-64-0x0000000003360000-0x00000000034A0000-memory.dmp (Filesize: 1.2MB)
  • memory/1600-63-0x0000000003360000-0x00000000034A0000-memory.dmp (Filesize: 1.2MB)
  • memory/1600-55-0x0000000000400000-0x0000000001907000-memory.dmp (Filesize: 21.0MB)
  • memory/1600-71-0x0000000000400000-0x0000000001907000-memory.dmp (Filesize: 21.0MB)