Analysis

  • max time kernel
    40s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06-11-2022 16:20

General

  • Target

    0b6667523185c9565bb52b42350a2cb351143d95eed1b7c1a6e9ed049334e693.exe

  • Size

    662KB

  • MD5

    0528395612437030025e6e1b0ca9d619

  • SHA1

    129837f35fdf5e40f4b5048dc790530065a8a32e

  • SHA256

    0b6667523185c9565bb52b42350a2cb351143d95eed1b7c1a6e9ed049334e693

  • SHA512

    ef57139e4beb9b7e30272a5e021c7333bf4eac1c4cddd0c91b3d199a292ad1e0b9225a90e434497071c89147630c71415b087f459779c14ad55ef3c54e1e5016

  • SSDEEP

    12288:EmxeD3h/N1jpZNi9R+swevu2lyVhjMpuxoYB6SfS8ivUHRwvoLo1nHZ1XztgZaC/:nANtN8KjMpuxoYB6SfS8ivUHRwvoLo1+

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b6667523185c9565bb52b42350a2cb351143d95eed1b7c1a6e9ed049334e693.exe
    "C:\Users\Admin\AppData\Local\Temp\0b6667523185c9565bb52b42350a2cb351143d95eed1b7c1a6e9ed049334e693.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 152
      2⤵
      • Program crash
      PID:1076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1076-54-0x0000000000000000-mapping.dmp

  • memory/1488-55-0x0000000000B30000-0x0000000000BDB000-memory.dmp

    Filesize

    684KB