2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f

Analysis

max time kernel
49s
max time network
81s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
04/11/2022, 20:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe
Size

1.3MB
MD5

e13a7f50138697539a31da81cfecf65b
SHA1

dbdba65677d1c00de12451e8c08d85beebdd7546
SHA256

2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f
SHA512

a9f737a628cc1d44312a7eac56a223c72f3709b4eb40c846e4906bed07d515312fc271bff41cb0e2a7810191be44909b6bb8c96667eac49e298354a3c2a4bbe7
SSDEEP

24576:vq/mDip43/XPV0meuTdqhSMSHIMcZWEdPeKPZj0f8VYnzd6P1:vGEHVeuTdqFWIMU28NYzd6

Score

3^/10

Malware Config

Signatures

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4584	1680	WerFault.exe	65
4832	1680	WerFault.exe	65

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 3032	1680	2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe	66
PID 1680 wrote to memory of 3032	1680	2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe	66
PID 1680 wrote to memory of 3032	1680	2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe	66
PID 1680 wrote to memory of 3032	1680	2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe	66
PID 1680 wrote to memory of 3032	1680	2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe	66
PID 1680 wrote to memory of 3032	1680	2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe	66
PID 1680 wrote to memory of 3032	1680	2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe	66
PID 1680 wrote to memory of 3032	1680	2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe	66
PID 1680 wrote to memory of 3032	1680	2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe	66
PID 1680 wrote to memory of 3032	1680	2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe	66
PID 1680 wrote to memory of 3032	1680	2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe	66
PID 1680 wrote to memory of 3032	1680	2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe	66
PID 1680 wrote to memory of 3032	1680	2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe	66
PID 1680 wrote to memory of 3032	1680	2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe	66
PID 1680 wrote to memory of 3032	1680	2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe	66
PID 1680 wrote to memory of 3032	1680	2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe	66
PID 1680 wrote to memory of 3032	1680	2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe	66
PID 1680 wrote to memory of 3032	1680	2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe	66

C:\Users\Admin\AppData\Local\Temp\2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe
"C:\Users\Admin\AppData\Local\Temp\2657e85f002ee9927178acffcefefe233433b80d430b84f1bd8138bac834404f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Windows\syswow64\rundll32.exe
  "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
  2⤵
  PID:3032
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 612
  2⤵
  - Program crash
  PID:4584
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 556
  2⤵
  - Program crash
  PID:4832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1680-120-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-121-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-122-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-123-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-124-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-125-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-126-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-127-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-128-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-129-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-130-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-131-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-132-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-133-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-134-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-136-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-137-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-138-0x00000000027C0000-0x00000000028EA000-memory.dmp

Filesize
1.2MB

Download
memory/1680-139-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-141-0x00000000028F0000-0x0000000002BBC000-memory.dmp

Filesize
2.8MB

Download
memory/1680-140-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-142-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-143-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-144-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-145-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-146-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-147-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-148-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-149-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-150-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-151-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-152-0x0000000000400000-0x0000000000957000-memory.dmp

Filesize
5.3MB

Download
memory/1680-153-0x0000000000400000-0x0000000000957000-memory.dmp

Filesize
5.3MB

Download
memory/1680-154-0x0000000000400000-0x0000000000957000-memory.dmp

Filesize
5.3MB

Download
memory/1680-155-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-156-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-157-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-158-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-159-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-160-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-161-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-162-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-163-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-164-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-165-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-166-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-167-0x0000000077390000-0x000000007751E000-memory.dmp

Filesize
1.6MB

Download
memory/1680-168-0x00000000027C0000-0x00000000028EA000-memory.dmp

Filesize
1.2MB

Download
memory/1680-169-0x00000000028F0000-0x0000000002BBC000-memory.dmp

Filesize
2.8MB

Download
memory/1680-170-0x0000000000400000-0x0000000000957000-memory.dmp

Filesize
5.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads