0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775f

Analysis

max time kernel
36s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 21:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775f.exe
Size

168KB
MD5

04abc4dca7b22662f72533baf4391533
SHA1

63435b6c4a53cbae145c4bdb5ad618ea422b1fb6
SHA256

0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775f
SHA512

4c363f843ba385b7c4e21e8b353874c1a3c55e756f8c3b53684e72aa5b523feb97f36c1c7e8d84038b21658cc11eaad35692071a6094858454c259ec72f0886b
SSDEEP

3072:U3vO/exod0BbykKZkxfltjwwFc5torYU9RSE6xJren:evHbbpKs9mzDorDfSEEJyn

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1964	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe

Loads dropped DLL 12 IoCs

pid	Process
1160	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775f.exe
1160	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775f.exe
1964	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe
1964	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe
1964	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe
1456	WerFault.exe
1456	WerFault.exe
1456	WerFault.exe
1456	WerFault.exe
1456	WerFault.exe
1456	WerFault.exe
1456	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1456	1964	WerFault.exe	26

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 1964	1160	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775f.exe	26
PID 1160 wrote to memory of 1964	1160	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775f.exe	26
PID 1160 wrote to memory of 1964	1160	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775f.exe	26
PID 1160 wrote to memory of 1964	1160	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775f.exe	26
PID 1160 wrote to memory of 1964	1160	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775f.exe	26
PID 1160 wrote to memory of 1964	1160	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775f.exe	26
PID 1160 wrote to memory of 1964	1160	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775f.exe	26
PID 1964 wrote to memory of 1456	1964	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe	27
PID 1964 wrote to memory of 1456	1964	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe	27
PID 1964 wrote to memory of 1456	1964	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe	27
PID 1964 wrote to memory of 1456	1964	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe	27
PID 1964 wrote to memory of 1456	1964	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe	27
PID 1964 wrote to memory of 1456	1964	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe	27
PID 1964 wrote to memory of 1456	1964	0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe	27

C:\Users\Admin\AppData\Local\Temp\0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775f.exe
"C:\Users\Admin\AppData\Local\Temp\0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Users\Admin\AppData\Local\Temp\0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe
  C:\Users\Admin\AppData\Local\Temp\0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1964
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 256
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe

Filesize
133KB

MD5
cdb08259f376e72d84caaff2246e7b8d

SHA1
c812ffaebdac00ea61901b2a3d0b40bd9495d1da

SHA256
c572bcb3d9c247d7f45fefaaa5d62463bf5ef701a13cbbfc160dc81fc0301a05

SHA512
1e693e099ce8cad51863e44e522cb9b67ec785891b36eb623048a8ab6d37619a2a599c8237c5757f85aa696335c57c54b55afd2a92189cc46378998dad8af7f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe

Filesize
133KB

MD5
cdb08259f376e72d84caaff2246e7b8d

SHA1
c812ffaebdac00ea61901b2a3d0b40bd9495d1da

SHA256
c572bcb3d9c247d7f45fefaaa5d62463bf5ef701a13cbbfc160dc81fc0301a05

SHA512
1e693e099ce8cad51863e44e522cb9b67ec785891b36eb623048a8ab6d37619a2a599c8237c5757f85aa696335c57c54b55afd2a92189cc46378998dad8af7f7

Download Submit
\Users\Admin\AppData\Local\Temp\0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe

Filesize
133KB

MD5
cdb08259f376e72d84caaff2246e7b8d

SHA1
c812ffaebdac00ea61901b2a3d0b40bd9495d1da

SHA256
c572bcb3d9c247d7f45fefaaa5d62463bf5ef701a13cbbfc160dc81fc0301a05

SHA512
1e693e099ce8cad51863e44e522cb9b67ec785891b36eb623048a8ab6d37619a2a599c8237c5757f85aa696335c57c54b55afd2a92189cc46378998dad8af7f7

Download Submit
\Users\Admin\AppData\Local\Temp\0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe

Filesize
133KB

MD5
cdb08259f376e72d84caaff2246e7b8d

SHA1
c812ffaebdac00ea61901b2a3d0b40bd9495d1da

SHA256
c572bcb3d9c247d7f45fefaaa5d62463bf5ef701a13cbbfc160dc81fc0301a05

SHA512
1e693e099ce8cad51863e44e522cb9b67ec785891b36eb623048a8ab6d37619a2a599c8237c5757f85aa696335c57c54b55afd2a92189cc46378998dad8af7f7

Download Submit
\Users\Admin\AppData\Local\Temp\0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe

Filesize
133KB

MD5
cdb08259f376e72d84caaff2246e7b8d

SHA1
c812ffaebdac00ea61901b2a3d0b40bd9495d1da

SHA256
c572bcb3d9c247d7f45fefaaa5d62463bf5ef701a13cbbfc160dc81fc0301a05

SHA512
1e693e099ce8cad51863e44e522cb9b67ec785891b36eb623048a8ab6d37619a2a599c8237c5757f85aa696335c57c54b55afd2a92189cc46378998dad8af7f7

Download Submit
\Users\Admin\AppData\Local\Temp\0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe

Filesize
133KB

MD5
cdb08259f376e72d84caaff2246e7b8d

SHA1
c812ffaebdac00ea61901b2a3d0b40bd9495d1da

SHA256
c572bcb3d9c247d7f45fefaaa5d62463bf5ef701a13cbbfc160dc81fc0301a05

SHA512
1e693e099ce8cad51863e44e522cb9b67ec785891b36eb623048a8ab6d37619a2a599c8237c5757f85aa696335c57c54b55afd2a92189cc46378998dad8af7f7

Download Submit
\Users\Admin\AppData\Local\Temp\0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe

Filesize
133KB

MD5
cdb08259f376e72d84caaff2246e7b8d

SHA1
c812ffaebdac00ea61901b2a3d0b40bd9495d1da

SHA256
c572bcb3d9c247d7f45fefaaa5d62463bf5ef701a13cbbfc160dc81fc0301a05

SHA512
1e693e099ce8cad51863e44e522cb9b67ec785891b36eb623048a8ab6d37619a2a599c8237c5757f85aa696335c57c54b55afd2a92189cc46378998dad8af7f7

Download Submit
\Users\Admin\AppData\Local\Temp\0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe

Filesize
133KB

MD5
cdb08259f376e72d84caaff2246e7b8d

SHA1
c812ffaebdac00ea61901b2a3d0b40bd9495d1da

SHA256
c572bcb3d9c247d7f45fefaaa5d62463bf5ef701a13cbbfc160dc81fc0301a05

SHA512
1e693e099ce8cad51863e44e522cb9b67ec785891b36eb623048a8ab6d37619a2a599c8237c5757f85aa696335c57c54b55afd2a92189cc46378998dad8af7f7

Download Submit
\Users\Admin\AppData\Local\Temp\0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe

Filesize
133KB

MD5
cdb08259f376e72d84caaff2246e7b8d

SHA1
c812ffaebdac00ea61901b2a3d0b40bd9495d1da

SHA256
c572bcb3d9c247d7f45fefaaa5d62463bf5ef701a13cbbfc160dc81fc0301a05

SHA512
1e693e099ce8cad51863e44e522cb9b67ec785891b36eb623048a8ab6d37619a2a599c8237c5757f85aa696335c57c54b55afd2a92189cc46378998dad8af7f7

Download Submit
\Users\Admin\AppData\Local\Temp\0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe

Filesize
133KB

MD5
cdb08259f376e72d84caaff2246e7b8d

SHA1
c812ffaebdac00ea61901b2a3d0b40bd9495d1da

SHA256
c572bcb3d9c247d7f45fefaaa5d62463bf5ef701a13cbbfc160dc81fc0301a05

SHA512
1e693e099ce8cad51863e44e522cb9b67ec785891b36eb623048a8ab6d37619a2a599c8237c5757f85aa696335c57c54b55afd2a92189cc46378998dad8af7f7

Download Submit
\Users\Admin\AppData\Local\Temp\0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe

Filesize
133KB

MD5
cdb08259f376e72d84caaff2246e7b8d

SHA1
c812ffaebdac00ea61901b2a3d0b40bd9495d1da

SHA256
c572bcb3d9c247d7f45fefaaa5d62463bf5ef701a13cbbfc160dc81fc0301a05

SHA512
1e693e099ce8cad51863e44e522cb9b67ec785891b36eb623048a8ab6d37619a2a599c8237c5757f85aa696335c57c54b55afd2a92189cc46378998dad8af7f7

Download Submit
\Users\Admin\AppData\Local\Temp\0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe

Filesize
133KB

MD5
cdb08259f376e72d84caaff2246e7b8d

SHA1
c812ffaebdac00ea61901b2a3d0b40bd9495d1da

SHA256
c572bcb3d9c247d7f45fefaaa5d62463bf5ef701a13cbbfc160dc81fc0301a05

SHA512
1e693e099ce8cad51863e44e522cb9b67ec785891b36eb623048a8ab6d37619a2a599c8237c5757f85aa696335c57c54b55afd2a92189cc46378998dad8af7f7

Download Submit
\Users\Admin\AppData\Local\Temp\0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe

Filesize
133KB

MD5
cdb08259f376e72d84caaff2246e7b8d

SHA1
c812ffaebdac00ea61901b2a3d0b40bd9495d1da

SHA256
c572bcb3d9c247d7f45fefaaa5d62463bf5ef701a13cbbfc160dc81fc0301a05

SHA512
1e693e099ce8cad51863e44e522cb9b67ec785891b36eb623048a8ab6d37619a2a599c8237c5757f85aa696335c57c54b55afd2a92189cc46378998dad8af7f7

Download Submit
\Users\Admin\AppData\Local\Temp\0ee3408146f7cfc8e944c9d266975cf932da7f438fd07b0dfc2ba20b7fd8775fmgr.exe

Filesize
133KB

MD5
cdb08259f376e72d84caaff2246e7b8d

SHA1
c812ffaebdac00ea61901b2a3d0b40bd9495d1da

SHA256
c572bcb3d9c247d7f45fefaaa5d62463bf5ef701a13cbbfc160dc81fc0301a05

SHA512
1e693e099ce8cad51863e44e522cb9b67ec785891b36eb623048a8ab6d37619a2a599c8237c5757f85aa696335c57c54b55afd2a92189cc46378998dad8af7f7

Download Submit
memory/1160-54-0x0000000075A91000-0x0000000075A93000-memory.dmp

Filesize
8KB

Download
memory/1160-65-0x0000000000170000-0x000000000017D000-memory.dmp

Filesize
52KB

Download
memory/1160-59-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads